Recently I started implementing a web-based application.
I like Acegi, and decided to give it a try.
One of my colleagues had written something prior to my tests, and I decided to use that.
However I was very disappointed, that I have to set up url security by hand.
In a couple of words: I have a user-only application, that requires that the user authenticates prior to accessing any part of the application. However when I did this:
I got held up by an infinite web-redirecting when the user tries to access the login page at /login.html, or /security_check or /index.jsp (which just redirects to the login page).
<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
I tried to find a way do disable security checks for the index and the login resources, but to no avail.[/b]
So. Is it possible to exclude any resources from the security checks?
But this dies with a NPE when initializing the bean.
The only (I don't like it, but...) way I found is to secure EVERYTHING except the login resources, but this approach is a complete PITA when it comes to a modularized application, where modules would be added, and the security module will not know anything about them.