Carlos Sanchez wrote:
Hi,
My question is: can I write a rule in filter security interceptor so an URL doesn't need to have a role (needed to override a less specific one)?
e.g. in the following bean I want that all *.do except populateDatabase.do
need ROLE_USER.
populateDatabase.do can be called by any user although he hadn't logged in
before.
Hi Carlos
Take a look at http://article.gmane.org/gmane.comp.java.springframework.acegisecurity.devel/162.
Instead of rearranging your application's paths or writing a class like mentioned in the archive, you might be able to change your database setup approach. One way would be to write a filter which detects a request for "populateDatabase.do" and runs the database setup code. Or you could even automate it via a load-at-startup Servlet which detects an empty database on application startup and sets it up. Or a Quartz job which does the routine database or system management tasks, including initial database configuration. There are other ways too.
Best regards Ben
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
