Hi,

My question is: can I write a rule in filter security interceptor so an URL
doesn't need to have a role (needed to override a less specific one)?

e.g. in the following bean I want that all *.do except populateDatabase.do
need ROLE_USER.
populateDatabase.do can be called by any user although he hadn't logged in
before.


    <bean id="filterInvocationInterceptor"
class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager"><ref
bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref
bean="accessDecisionManager"/></property>
         <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /secure/**=ROLE_ADMIN
                /populateDatabase.do=----SOMETHING HERE----
                /**/*.do=ROLE_USER
            </value>
        </property>
    </bean>

Regards

Carlos Sanchez
A Coruņa, Spain

Oness Project
http://oness.sourceforge.net




-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Reply via email to