Hi Yogya,
ACEGI decides which parts are secured and which are not. If you take a look
in security.xml (under WEB-INF) you will see a definition for a bean called
"filterInvocationInterceptor":
<bean id="filterInvocationInterceptor" class="
org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/clickstreams.jsp*=admin
/flushCache.*=admin
/passwordHint.html*=ROLE_ANONYMOUS,admin,user
/reload.*=admin
/signup.html*=ROLE_ANONYMOUS,admin,user
/users.html*=admin
/**/*.html*=admin,user
</value>
</property>
</bean>
The pattern type sets the parser for the URL pattern (in this case Apache
Ant style, so you can use * and ** as wildcards). Everything after that is a
pattern to match in the URL, followed by an = sign, and a list of the roles
allowed to access that URL. ROLE_ANONYMOUS grants users who have not logged
in the right to see that URL. If you need more details see the ACEGI
project: http://www.acegisecurity.org
Mike
On 12/11/06, Yogya Sharma <[EMAIL PROTECTED]> wrote:
Can someone help me with understanding the approach as how to manage my
application which consists of mange (login-required) part, and display
(login-no required) part. What would I need to do if I want all the jsp
pages in a particular directory to be able to be accessed without login.
Would this be the appropriate approach? Any suggestions?
Can I call an action before coming to the mainMenu.jsp page, i.e I want
the page my onPageLoadAction to decide the content of the mainMenu.jsppage.
Thanks in advance.
Yogya
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
