Hi Josep, Thanks for your reply. I already have that section:
<http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint" lowercase-comparisons="false"> <intercept-url pattern="/signup.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> <intercept-url pattern="/**/*.html*" access="ROLE_ADMIN,ROLE_USER"/> <!--<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=true" login-processing-url="/j_security_check"/>--> <remember-me user-service-ref="userDao" key=""/> </http> As you can see the signup should be able to be accessed annonymously. Unfortunately page just refreshes when i click signup link. I have set the auto-config= false because it is said you need to turn it off if you are not using defaults. Thanks. On Thu, Jul 1, 2010 at 9:21 AM, Josep García <jgar...@isigma.es> wrote: > Looks like the signup page is protected. Same for passwd hint. > > You still need a section similar to: > <http auto-config="true" lowercase-comparisons="false"> > <!--intercept-url pattern="/images/*" filters="none"/> > <intercept-url pattern="/styles/*" filters="none"/> > <intercept-url pattern="/scripts/*" filters="none"/--> > <intercept-url pattern="/admin/*" access="ROLE_ADMIN"/> > <intercept-url pattern="/passwordHint.html*" > access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> > <intercept-url pattern="/signup.html*" > access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> > <intercept-url pattern="/a4j.res/*.html*" > access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> > <!-- APF-737, OK to remove line below if you're not using JSF --> > <intercept-url pattern="/**/*.html*" > access="ROLE_ADMIN,ROLE_USER"/> > <form-login login-page="/login.jsp" > authentication-failure-url="/login.jsp?error=true" > login-processing-url="/j_security_check"/> > <remember-me user-service-ref="userDao" > key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/> > </http> > > where you specify the security for each url pattern. There you have the > anonymous role for signup and pwd hint. > > When I had my filter implemented, I added an http entry-point-ref with the > <anonymous /> entry. > > > I would recommend you have a look at some spring security pages: > - Spring security reference: > http://static.springsource.org/spring-security/site/reference.html > > http://teja.tejakantamneni.com/2008/08/spring-security-using-custom.html > > > http://heraclitusonsoftware.wordpress.com/software-development/spring/simple-web-application-with-spring-security-specification/ > > Josep > > 2010/6/30 Kissue Kissue <kissue...@gmail.com> > > Hi, >> >> In my appfuse application, i want to be able to redirect users to a change >> password page when credentials_expired. To do this i am doing the following: >> >> 1. Create a custom AuthenticationProcessingFilter >> 2. set auto-config = false in security.xml >> 3. Added bean definitions for the custom authenticationprocessingfilter >> and authenticationProcessingFilterEntryPoint. >> >> After this everything works fine and i am able to login into the >> application but the problem is that when i click on the signup link on the >> login page, the page just refreshes and i do not see the signup page. The >> same happens for the password hint link. However, when i revert the changes >> in security.xml and then try again, this time the signup page appears. >> >> Anybody have any idea what could be wrong? My configs are below: >> >> <beans:bean id="authenticationProcessingFilterEntryPoint" >> class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"> >> <beans:property name="loginFormUrl" value="/login.jsp"/> >> <beans:property name="forceHttps" value="false"/> >> >> </beans:bean> >> >> <beans:bean id="appAuthenticationProcessingFilter" >> class="com.egsgroup.invoiceexchange.webapp.filter.AppAuthenticationProcessingFilter"> >> >> <beans:property name="defaultTargetUrl" value="/index.jsp"/> >> <beans:property name="authenticationManager" >> ref="authenticationManager"/> >> <beans:property name="authenticationFailureUrl" >> value="/login.jsp?error=true"/> >> <beans:property name="filterProcessesUrl" >> value="/j_security_check"/> >> <beans:property name="rememberMeServices" >> ref="_rememberMeServices"/> >> <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/> >> >> </beans:bean> >> >> Thanks. >> > >
