Per-domain intercept-urls

[attack7]

Hi Folks -

I'm sure this is covered somewhere in the forum, but I couldn't find and appropriate search to yield an answer - so I apologize if this has been covered before.

I have a single .war file that handles multiple domains. Each domain might serve a page with the same URL, but the security requirements on them might be different.

For example, sitea.com might have

<intercept-url pattern="/products.html" access="ROLE_SITE_USERS"/>

Where siteb.com might have

<intercept-url pattern="/products.html" access="ROLE_ANONYMOUS"/>


Since it's a single war file, is there a way to tell the pattern to inspect the incoming domain name, or another attribute available to handle the problem?

i.e.

<intercept-url pattern="sitea.com/products.html" access="ROLE_SITE_USERS"/>

or

<intercept-url pattern="products.html" domain="sitea.com" access="ROLE_SITE_USERS"/>

Any help very much appreciated.

Thanks!
Matt

[Luke Taylor]

You will probably have to use a traditional bean configuration here. You are essentially changing the behaviour of the ObjectDefinitionaSource (SecurityMetadataSource in 3.0) which is used with the FilterSecurityInterceptor - it would return a different list of attributes depending on your "domain" value. So you will have to customize the standard implementation (or write a new one) and inject that into the interceptor.

[attack7]

Thanks a lot, Luke -- I appreciate the reply.