On Tue, Oct 5, 2010 at 2:23 AM, pkerrigan <[email protected]> wrote: > My working example program had a public home page and a secure area, but I > want to restrict access to ALL pages in my Icefaces application. To do this > I added /** = authc to the url section as shown below. > When I do this to my working example program it stops working in the same > way as with the Icefaces webapp, even though I have added the /login.jsp = > authc line. > What is the correct way to restrict access to all pages?
"Correct" way is up to you. Nothing wrong with /** - that's pretty secure, but then you need to "poke holes" through it. Specify something like: /loginpost.url = anon (see http://incubator.apache.org/shiro/web.html) to make specific urls available to all users (including anonymous users) before /** = authc line (only authenticated users can access any url). Kalle > [filters] > authc.loginUrl = /login.jsp > roles.unauthorizedUrl = /unauthorized.jsp > > [urls] > /login.jsp = authc > /secure/** = authc, roles[user] > /admin/** = authc, roles[admin] > /** = authc > > > ----- > regards, > Philip Kerrigan > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Using-Shiro-with-Icefaces-tp5600653p5602443.html > Sent from the Shiro User mailing list archive at Nabble.com. >
