Hi Yogya,
Hmm. It all depends on any other configuration you have done within your
application. By default AppFuse is not configured to serve up .jsp files
directly. If you try and access mainMenu.jsp you will be directed to the
"Page Not Found" error page? Any access to any other page should redirect
you to the login page as the following is a catch all at the end of the
filter configuration:
/**/*.html*=admin,user
Mike
On 12/11/06, Yogya Sharma <[EMAIL PROTECTED]> wrote:
Thanks Mike for looking into this.
If thats the case I get a slight confusion as to why am I being able to
access a jsp pages under a newly created "display" folder, however when
trying to access the mainMenu.jsp directly it directs to the login page.
This makes me think that the security is managed in a folder specific way as
well.
*Michael Horwitz <[EMAIL PROTECTED]> *wrote:
Hi Yogya,
ACEGI decides which parts are secured and which are not. If you take a
look in security.xml (under WEB-INF) you will see a definition for a bean
called "filterInvocationInterceptor":
<bean id="filterInvocationInterceptor" class="
org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/clickstreams.jsp*=admin
/flushCache.*=admin
/passwordHint.html*=ROLE_ANONYMOUS,admin,user
/reload.*=admin
/signup.html*=ROLE_ANONYMOUS,admin,user
/users.html*=admin
/**/*.html*=admin,user
</value>
</property>
</bean>
The pattern type sets the parser for the URL pattern (in this case Apache
Ant style, so you can use * and ** as wildcards). Everything after that is a
pattern to match in the URL, followed by an = sign, and a list of the roles
allowed to access that URL. ROLE_ANONYMOUS grants users who have not logged
in the right to see that URL. If you need more details see the ACEGI
project: http://www.acegisecurity.org
Mike
On 12/11/06, Yogya Sharma <[EMAIL PROTECTED] > wrote:
>
> Can someone help me with understanding the approach as how to manage my
> application which consists of mange (login-required) part, and display
> (login-no required) part. What would I need to do if I want all the jsp
> pages in a particular directory to be able to be accessed without login.
> Would this be the appropriate approach? Any suggestions?
>
> Can I call an action before coming to the mainMenu.jsp page, i.e I want
> the page my onPageLoadAction to decide the content of the mainMenu.jsppage.
>
> Thanks in advance.
>
> Yogya
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
