In the filterChainProxy bean, you could use the #NONE# keyword like we
do for images and such:
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/images/**=#NONE#
/scripts/**=#NONE#
/styles/**=#NONE#
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
Or in the filterInvocationInterceptor, add your pattern as the first
one with ROLE_ANONYMOUS:
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/yourjsppattern.jsp*=ROLE_ANONYMOUS
/activeUsers.*=admin
/clickstreams.jsp*=admin
/flushCache.*=admin
/passwordHint.html*=ROLE_ANONYMOUS,admin,user
/reload.*=admin
/signup.html*=ROLE_ANONYMOUS,admin,user
/users.html*=admin
/**/*.html*=admin,user
</value>
On 2/13/07, Jon Loken <[EMAIL PROTECTED]> wrote:
Hi again,
I've had a closer look at filterChainProxy, but cannot see any immediate way
to disable a small set of jsp's from being authenticated.
Has anyone experience with preventing a small set of jps from going through
the Acegi login sequence? The jps pages in question are static, but cater
for i18n.
Regards
Jon
________________________________
From: Michael Horwitz [mailto:[EMAIL PROTECTED]
Sent: 13 February 2007 11:28
To: users@appfuse.dev.java.net
Subject: Re: [appfuse-user] acegi - disable authentication for particular
jsp pages (using spring MVC)
You could simply exclude them from Acegi processing altoghether by changing
the configuration of the filterChainProxy in sercurity.xml?
Mike.
On 2/13/07, Jon Loken <[EMAIL PROTECTED]> wrote:
>
>
> Hi all,
>
> Just a quick question regarding Acegi authentication.
>
> How can I disable authentication for particular jsp pages. These jsp pages
should then be freely accessible without being redirected to login.jsp. With
Acegi/Appfuse being so flexible I would not be surprised if this can be done
declaratively.
>
> At the moment the set of freely accessible jsp pages reside under folder
/pages/static/.
> Inserting line:
> /static/*.html*=ROLE_ANONYMOUS
> in bean 'filterInvocationInterceptor' in file security.xml is not
sufficient.
>
> A non declarative solution may that all requests pass by a filter that
gives all users role 'ROLE_ANONYMOUS'?
>
> I would normally do more research before posting here, but need to resolve
this fairly soon.
>
> Many thanks,
> Jon L.
>
______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information visit
http://www.virtual-email.net/messagelabs.htm
>
________________________________
This email has been scanned by Netintelligence
http://www.netintelligence.com/email
________________________________
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information visit
http://www.virtual-email.net/messagelabs.htm
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information visit
http://www.virtual-email.net/messagelabs.htm
--
http://raibledesigns.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
