Results 1 to 2 of 2

Thread: Ultra-SIMPLE security question

  1. Jan 13th, 2010, 05:03 AM #1
    bozzo@celi.it
    bozzo@celi.it is offline Junior Member
    Join Date
    Sep 2009
    Posts
    25

    Talking Ultra-SIMPLE security question

    I made setup of sample 'wedding' app.
    security setup -> all configured right! Wonderful!
    Now I'd like to protect ALL my urls with login page.
    I thought <intercept-url pattern="/**" access="permitAll" /> with something like isAuthenticated() replacing permitAll may be enough but I was wrong.
    Can you give me a flash-answer, please?
    Thanks a lot, Fabio.
    Reply With Quote Reply With Quote
  2. Jan 14th, 2010, 04:00 AM #2
    Stefan Schmidt's Avatar
    Stefan Schmidt
    Stefan Schmidt is offline Senior Member Spring Team
    Join Date
    Mar 2008
    Location
    Sydney, AU
    Posts
    974

    Default

    Restricting everything with pattern="/**" will literally lock down your application. The problem is that some resources need to be accessible at all times such as the login.jspx, the tags, the default template, images, CSS, etc. So you would need to explicitly permit access to these resources for the web app to work. More details of this can be found in the Spring Security documentation though.

    HTH
    Stefan Schmidt
    Software Engineer, Spring Roo
    SpringSource - a division of VMware
    twitter @schmidtstefan
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules