Looks like the signup page is protected. Same for passwd hint.
You still need a section similar to:
<http auto-config="true" lowercase-comparisons="false">
<!--intercept-url pattern="/images/*" filters="none"/>
<intercept-url pattern="/styles/*" filters="none"/>
<intercept-url pattern="/scripts/*" filters="none"/-->
<intercept-url pattern="/admin/*" access="ROLE_ADMIN"/>
<intercept-url pattern="/passwordHint.html*"
access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
<intercept-url pattern="/signup.html*"
access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
<intercept-url pattern="/a4j.res/*.html*"
access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
<!-- APF-737, OK to remove line below if you're not using JSF -->
<intercept-url pattern="/**/*.html*" access="ROLE_ADMIN,ROLE_USER"/>
<form-login login-page="/login.jsp"
authentication-failure-url="/login.jsp?error=true"
login-processing-url="/j_security_check"/>
<remember-me user-service-ref="userDao"
key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
</http>
where you specify the security for each url pattern. There you have the
anonymous role for signup and pwd hint.
When I had my filter implemented, I added an http entry-point-ref with the
<anonymous /> entry.
I would recommend you have a look at some spring security pages:
- Spring security reference:
http://static.springsource.org/spring-security/site/reference.html
http://teja.tejakantamneni.com/2008/08/spring-security-using-custom.html
http://heraclitusonsoftware.wordpress.com/software-development/spring/simple-web-application-with-spring-security-specification/
Josep
2010/6/30 Kissue Kissue <[email protected]>
> Hi,
>
> In my appfuse application, i want to be able to redirect users to a change
> password page when credentials_expired. To do this i am doing the following:
>
> 1. Create a custom AuthenticationProcessingFilter
> 2. set auto-config = false in security.xml
> 3. Added bean definitions for the custom authenticationprocessingfilter and
> authenticationProcessingFilterEntryPoint.
>
> After this everything works fine and i am able to login into the
> application but the problem is that when i click on the signup link on the
> login page, the page just refreshes and i do not see the signup page. The
> same happens for the password hint link. However, when i revert the changes
> in security.xml and then try again, this time the signup page appears.
>
> Anybody have any idea what could be wrong? My configs are below:
>
> <beans:bean id="authenticationProcessingFilterEntryPoint"
> class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
> <beans:property name="loginFormUrl" value="/login.jsp"/>
> <beans:property name="forceHttps" value="false"/>
>
> </beans:bean>
>
> <beans:bean id="appAuthenticationProcessingFilter"
> class="com.egsgroup.invoiceexchange.webapp.filter.AppAuthenticationProcessingFilter">
>
> <beans:property name="defaultTargetUrl" value="/index.jsp"/>
> <beans:property name="authenticationManager"
> ref="authenticationManager"/>
> <beans:property name="authenticationFailureUrl"
> value="/login.jsp?error=true"/>
> <beans:property name="filterProcessesUrl"
> value="/j_security_check"/>
> <beans:property name="rememberMeServices"
> ref="_rememberMeServices"/>
> <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
>
> </beans:bean>
>
> Thanks.
>
