Hi Dave,
Thanks.
Unfortunately, a loop is resulting after I "add the "/**" pattern below to
the filterInvocationInterceptor". The loop results on the redirect to
/roller-ui/login.rol
Acegi is new to me. Can you suggest how I can exempt:
/roller-ui/login.rol
while leaving in the "/**" pattern?
Best regards,
g
On Feb 1, 2008 12:59 PM, Dave <[EMAIL PROTECTED]> wrote:
> On Feb 1, 2008 1:21 AM, Greg Hamer <[EMAIL PROTECTED]> wrote:
>
> > Is there currently a setting whereby Roller will allow blog entries to
> be
> > viewed only by logged users?
> >
> > Essentially making the entire Roller instance Protected?
>
>
> There is no Roller configuration parameter, but since Roller uses Spring
> Acegi for authenticatio, I think you could do that by modifying the Spring
> Acegi configuration file WEB-INF/security.xml.
>
> For example, what if you were to add the "/**" pattern below to the
> filterInvocationInterceptor?
>
> <bean id="filterInvocationInterceptor" class="
> org.acegisecurity.intercept.web.FilterSecurityInterceptor">
> <property name="authenticationManager"
> ref="authenticationManager"/>
> <property name="accessDecisionManager"
> ref="accessDecisionManager"/>
> <property name="objectDefinitionSource">
> <value>
> <value>
> PATTERN_TYPE_APACHE_ANT
> /**=admin,editor
>
> I think that might do the trick.
>
> - Dave
>
>
