Author: jasha
Date: Fri Mar 22 21:27:46 2013
New Revision: 1460000
URL: http://svn.apache.org/r1460000
Log:
RAVE-906 Change regex of public pages so the queryString or additional suffixes
are optional
Also comply with latest Spring security scheme
Use spaces, not tabs, thanks
Modified:
rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml
Modified:
rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml
URL:
http://svn.apache.org/viewvc/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml?rev=1460000&r1=1459999&r2=1460000&view=diff
==============================================================================
---
rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml
(original)
+++
rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml
Fri Mar 22 21:27:46 2013
@@ -28,15 +28,15 @@
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd";>
- <security:http auto-config="true" use-expressions="true"
disable-url-rewriting="true" path-type="regex">
+ <security:http auto-config="true" use-expressions="true"
disable-url-rewriting="true" request-matcher="regex">
<security:intercept-url pattern="\A/static(\?.*|/.*)\Z"
access="permitAll"/>
<security:intercept-url pattern="\A/login\Z" access="permitAll"/>
- <security:intercept-url pattern="\A/newaccount\.jsp(\\?.*)?\Z"
access="permitAll"/>
- <security:intercept-url pattern="\A/app/newaccount(\?.*|/.*)\Z"
access="permitAll"/>
- <security:intercept-url
pattern="\A/app/openidregister(\?.*|/.*)\Z" access="permitAll"/>
- <security:intercept-url pattern="\A/app/newpassword(\?.*|/.*)\Z"
access="permitAll"/>
- <security:intercept-url pattern="\A/app/retrieveusername(\?.*|/.*)\Z"
access="permitAll"/>
- <security:intercept-url pattern="\A/app/changepassword(\?.*|/.*)*\Z"
access="permitAll"/>
+ <security:intercept-url pattern="\A/app/newaccount\.jsp(\?.*)?\Z"
access="permitAll"/>
+ <security:intercept-url pattern="\A/app/newaccount(\?.*|/.*)?\Z"
access="permitAll"/>
+ <security:intercept-url pattern="\A/app/openidregister(\?.*|/.*)?\Z"
access="permitAll"/>
+ <security:intercept-url pattern="\A/app/newpassword(\?.*|/.*)?\Z"
access="permitAll"/>
+ <security:intercept-url pattern="\A/app/retrieveusername(\?.*|/.*)?\Z"
access="permitAll"/>
+ <security:intercept-url pattern="\A/app/changepassword(\?.*|/.*)?\Z"
access="permitAll"/>
<security:intercept-url pattern="\A/app/messagebundle/.*\.js\Z"
access="permitAll"/>
<security:intercept-url pattern="\A/app/admin(\?.*|/.*)\Z"
access="hasRole('ROLE_ADMIN')"/>
<!-- all urls must be authenticated -->
@@ -63,7 +63,7 @@
</security:openid-login>
<security:form-login login-page="/login" default-target-url="/"
authentication-failure-url="/login?authfail=form" />
<security:logout/>
- <security:remember-me/>
+ <security:remember-me user-service-ref="userService" />
</security:http>
<security:ldap-server ldif="classpath:users.ldiff"
root="dc=rave,dc=apache,dc=org" />
@@ -93,7 +93,7 @@
</bean>
<bean id="openIdAuthFailureHandler"
class="org.apache.rave.portal.web.controller.handler.OpenIDAuthenticationFailureHandler">
- <property name="defaultFailureUrl" value="/login?authfail=openid"/>
+ <property name="defaultFailureUrl" value="/login?authfail=openid"/>
</bean>
