That approach worked great, with one minor glitch being that index.jsp
could be hit without auth before and now it redirects to login even to
hit that even though I have the urls configured like so:
ini.getSection("urls").put("/secure/**", "authc");
ini.getSection("urls").put("/login.jsp", "authc");
ini.getSection("urls").put("/", "authc2");
previously it would only redirect to login.jsp if I tried access
anything below /secure...now it redirects there no matter what, so I am
unable to provide un secured access to the /index.jsp landing page as
before. The .ini params are all the same so I cannot understand why
that would differ. the index.jsp as you can see from my .ini contents
was a second login page allowing them to login there at the front
instead of waiting to be redirected upon trying to access /secure/*
resources.
On 2/6/2012 4:58 PM, Les Hazlewood wrote:
P.S. This assumes that the filter instance filters _all_ requests to
your web application - this is what ensures the web-specific
SecurityManager is accessible to any code executed during a request.
Cheers,
Les
