I am reposting the following from several months back.
We continue to have a requirement(s) for secure/private blogging
implementation with Roller.
Our implementation of Dave's initial suggestion (see below) did not work.
Might anyone be able to assist with any other possible Roller configuration
options?
Thank you in advance for your assistance.
Best regards,
g
On Fri, Feb 1, 2008 at 4:09 PM, Greg Hamer <[EMAIL PROTECTED]> wrote:
> Hi Dave,
>
> Thanks.
>
> Unfortunately, a loop is resulting after I "add the "/**" pattern below to
> the filterInvocationInterceptor". The loop results on the redirect to
> /roller-ui/login.rol
>
> Acegi is new to me. Can you suggest how I can exempt:
> /roller-ui/login.rol
> while leaving in the "/**" pattern?
>
> Best regards,
>
> g
>
>
>
> On Feb 1, 2008 12:59 PM, Dave <[EMAIL PROTECTED]> wrote:
>
>> On Feb 1, 2008 1:21 AM, Greg Hamer <[EMAIL PROTECTED]> wrote:
>>
>> > Is there currently a setting whereby Roller will allow blog entries to
>> be
>> > viewed only by logged users?
>> >
>> > Essentially making the entire Roller instance Protected?
>>
>>
>> There is no Roller configuration parameter, but since Roller uses Spring
>> Acegi for authentication, I think you could do that by modifying the
>> Spring
>> Acegi configuration file WEB-INF/security.xml.
>>
>> For example, what if you were to add the "/**" pattern below to the
>> filterInvocationInterceptor?
>>
>> <bean id="filterInvocationInterceptor" class="
>> org.acegisecurity.intercept.web.FilterSecurityInterceptor">
>> <property name="authenticationManager"
>> ref="authenticationManager"/>
>> <property name="accessDecisionManager"
>> ref="accessDecisionManager"/>
>> <property name="objectDefinitionSource">
>> <value>
>> <value>
>> PATTERN_TYPE_APACHE_ANT
>> /**=admin,editor
>>
>> I think that might do the trick.
>>
>> - Dave
>>
>>
