Hi,
I have developed a jsp ticket console to manage users CAS tickets and I would
like to protect it and only permit access to non admin authenticated users to
see their tickets.
In my securityContext.xml file I have added this to only permit authenticated
users:
<sec:http pattern="/services/ticket/**"
entry-point-ref="casProcessingFilterEntryPointTicketManager"
auto-config="false" use-expressions="true">
<sec:logout logout-url="/services/logout.html"
logout-success-url="/services/loggedOut.html"/>
<sec:custom-filter ref="casProcessingFilterTicketManager"
after="CAS_FILTER"/>
<sec:intercept-url pattern="/services/ticket/**"
access="isAuthenticated()"/>
</sec:http>
In my deployerConfigContext.xml I have only defined the admin user:
<sec:user-service id="userDetailsService">
<sec:user name="corsg" password="notused" authorities="ROLE_ADMIN" />
</sec:user-service>
The thing is that every user that tries to log in to access the jsp ticket
console is given an invalid service ticket error unless I add that user to the
above list.
I'm looking for a way of defining non admin users without having to add them
explicitally to list since we have a list of 36000 users.
Is there any way of using a wildcard or something similar to:
<sec:user name="all" password="notused" authorities="ROLE_USER" />
or
<sec:user name="*" password="notused" authorities="ROLE_USER" />
Those are not working.
Your help would be appreciated!
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
