Jan 13th, 2010, 05:03 AM
Ultra-SIMPLE security question
I made setup of sample 'wedding' app.
security setup -> all configured right! Wonderful!
Now I'd like to protect ALL my urls with login page.
I thought <intercept-url pattern="/**" access="permitAll" /> with something like isAuthenticated() replacing permitAll may be enough but I was wrong.
Can you give me a flash-answer, please?
Thanks a lot, Fabio.
Jan 14th, 2010, 04:00 AM
Restricting everything with pattern="/**" will literally lock down your application. The problem is that some resources need to be accessible at all times such as the login.jspx, the tags, the default template, images, CSS, etc. So you would need to explicitly permit access to these resources for the web app to work. More details of this can be found in the Spring Security documentation though.
Tags for this Thread