------------------------------------------------------------
revno: 17820
committer: Morten Olav Hansen <[email protected]>
branch nick: dhis2
timestamp: Mon 2014-12-29 10:08:05 +0100
message:
when authenticating directly to /api/**, only support http basic (allows for
401s etc), will reuse session from form-login if active
modified:
dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2014-12-19 15:42:38 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2014-12-29 09:08:05 +0000
@@ -27,6 +27,19 @@
<sec:http pattern="/external-static/**" security="none" />
<sec:http pattern="/favicon.ico" security="none" />
+ <sec:http access-decision-manager-ref="accessDecisionManager" use-expressions="true" realm="DHIS2" pattern="/api/**">
+ <sec:http-basic />
+
+ <sec:headers>
+ <sec:content-type-options />
+ <sec:frame-options />
+ <sec:xss-protection />
+ </sec:headers>
+
+ <sec:custom-filter ref="automaticAccessFilter" before="LOGOUT_FILTER" />
+ <sec:intercept-url pattern="/api/**" access="isAuthenticated()" />
+ </sec:http>
+
<sec:http access-decision-manager-ref="accessDecisionManager" use-expressions="true" realm="DHIS2">
<sec:openid-login user-service-ref="userDetailsService" default-target-url="/" always-use-default-target="false"
authentication-failure-handler-ref="securityExceptionTranslationHandler"
_______________________________________________
Mailing list: https://launchpad.net/~dhis2-devs
Post to : [email protected]
Unsubscribe : https://launchpad.net/~dhis2-devs
More help : https://help.launchpad.net/ListHelp
