Hi, My question is: can I write a rule in filter security interceptor so an URL doesn't need to have a role (needed to override a less specific one)?
e.g. in the following bean I want that all *.do except populateDatabase.do need ROLE_USER. populateDatabase.do can be called by any user although he hadn't logged in before. <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /secure/**=ROLE_ADMIN /populateDatabase.do=----SOMETHING HERE---- /**/*.do=ROLE_USER </value> </property> </bean> Regards Carlos Sanchez A Coruņa, Spain Oness Project http://oness.sourceforge.net ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idG21&alloc_id040&op=click _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer