Hi,

Been using Acegi for a short while now and am very impressed with the way it's put together and works, thanks! However, one small issue, which may be a configuration bit I've not worked out yet - suppose I want to secure an entire app:

   <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
   <property name="objectDefinitionSource">
      <value>
         CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
         PATTERN_TYPE_APACHE_ANT
         /**=ROLE_ALLOWED_USER
      </value>
   </property>
</bean>

I therefore need to have a login page, which will be under / - e.g. /security/login.jsp. Naturally, when the filter does a redirect to the security page, the filter kicks in again, and you get a loop in the browser, etc.

How do I get around this? I can see 2 ways - either having something like:

   <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
   <property name="objectDefinitionSource">
      <value>
         CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
         PATTERN_TYPE_APACHE_ANT
         /security/**=
         /**=ROLE_ALLOWED_USER
      </value>
   </property>
</bean>

but this doesn't seem to work, or better still, being able to give the Anonymous user a role. This allows configuration of what the anonymous user can do on a per-implementation basis of an application.

Have I missed something in the config, or can this not be done yet?

thanks,

Steve.
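
Added example, not part of Steve's post and not Acegi code: a small Python model of the loop described above, where the first matching pattern decides and a request without the required role is redirected to the login page. It assumes simplified Ant matching, that holding any one listed role grants access, and hypothetical names (parse_rules, required_roles, trace); a rule with nothing after "=" is rejected rather than guessed at.

```python
import re

# Constructed copy of the first objectDefinitionSource value from the post.
SECURE_ALL = """
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=ROLE_ALLOWED_USER
"""

def ant_to_regex(pattern):
    # Simplified Ant matching (assumption): '**' spans '/', '*' and '?' do not.
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def parse_rules(text):
    """Return (lowercase_flag, [(compiled_pattern, [roles]), ...]) in file order."""
    lowercase, rules = False, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON":
            lowercase = True
        elif line and line != "PATTERN_TYPE_APACHE_ANT":
            pattern, _, attrs = line.partition("=")
            roles = [a.strip() for a in attrs.split(",") if a.strip()]
            if not roles:  # behaviour of an empty attribute list is not modelled
                raise ValueError("rule without attributes: " + line)
            rules.append((ant_to_regex(pattern.strip()), roles))
    return lowercase, rules

def required_roles(url, config):
    # Rules are tried top to bottom; the first matching pattern decides.
    lowercase, rules = parse_rules(config)
    url = url.lower() if lowercase else url
    for regex, roles in rules:
        if regex.match(url):
            return roles
    return []

def trace(url, login_url, held_roles, config):
    """Follow one request; report whether the login page itself is reachable."""
    def allowed(u):
        needed = required_roles(u, config)
        return not needed or bool(set(needed) & set(held_roles))
    if allowed(url):
        return [url], "served"
    if allowed(login_url):
        return [url, login_url], "login page served"
    return [url, login_url, login_url], "redirect loop"
```

Running trace() with the login URL as a deployment check flags any rule set in which the login page is itself covered by a role requirement.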
