Try adding an <anonymous /> entry. 2010/7/1 Kissue Kissue <kissue...@gmail.com>
> Hi Josep, > > Thanks for your reply. I already have that section: > > > <http auto-config="false" > entry-point-ref="authenticationProcessingFilterEntryPoint" > lowercase-comparisons="false"> > > > <intercept-url pattern="/signup.html*" > access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> > > <intercept-url pattern="/**/*.html*" access="ROLE_ADMIN,ROLE_USER"/> > > <!--<form-login login-page="/login.jsp" > authentication-failure-url="/login.jsp?error=true" > login-processing-url="/j_security_check"/>--> > <remember-me user-service-ref="userDao" key=""/> > </http> > > As you can see the signup should be able to be accessed annonymously. > Unfortunately page just refreshes when i click signup link. > > I have set the auto-config= false because it is said you need to turn it > off if you are not using defaults. > > Thanks. > > > > > On Thu, Jul 1, 2010 at 9:21 AM, Josep García <jgar...@isigma.es> wrote: > >> Looks like the signup page is protected. Same for passwd hint. >> >> You still need a section similar to: >> <http auto-config="true" lowercase-comparisons="false"> >> <!--intercept-url pattern="/images/*" filters="none"/> >> <intercept-url pattern="/styles/*" filters="none"/> >> <intercept-url pattern="/scripts/*" filters="none"/--> >> <intercept-url pattern="/admin/*" access="ROLE_ADMIN"/> >> <intercept-url pattern="/passwordHint.html*" >> access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> >> <intercept-url pattern="/signup.html*" >> access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> >> <intercept-url pattern="/a4j.res/*.html*" >> access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> >> <!-- APF-737, OK to remove line below if you're not using JSF --> >> <intercept-url pattern="/**/*.html*" >> access="ROLE_ADMIN,ROLE_USER"/> >> <form-login login-page="/login.jsp" >> authentication-failure-url="/login.jsp?error=true" >> login-processing-url="/j_security_check"/> >> <remember-me user-service-ref="userDao" >> key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/> >> </http> >> >> where you specify the security for each url pattern. There you have the >> anonymous role for signup and pwd hint. >> >> When I had my filter implemented, I added an http entry-point-ref with the >> <anonymous /> entry. >> >> >> I would recommend you have a look at some spring security pages: >> - Spring security reference: >> http://static.springsource.org/spring-security/site/reference.html >> >> http://teja.tejakantamneni.com/2008/08/spring-security-using-custom.html >> >> >> http://heraclitusonsoftware.wordpress.com/software-development/spring/simple-web-application-with-spring-security-specification/ >> >> Josep >> >> 2010/6/30 Kissue Kissue <kissue...@gmail.com> >> >> Hi, >>> >>> In my appfuse application, i want to be able to redirect users to a >>> change password page when credentials_expired. To do this i am doing the >>> following: >>> >>> 1. Create a custom AuthenticationProcessingFilter >>> 2. set auto-config = false in security.xml >>> 3. Added bean definitions for the custom authenticationprocessingfilter >>> and authenticationProcessingFilterEntryPoint. >>> >>> After this everything works fine and i am able to login into the >>> application but the problem is that when i click on the signup link on the >>> login page, the page just refreshes and i do not see the signup page. The >>> same happens for the password hint link. However, when i revert the changes >>> in security.xml and then try again, this time the signup page appears. >>> >>> Anybody have any idea what could be wrong? My configs are below: >>> >>> <beans:bean id="authenticationProcessingFilterEntryPoint" >>> class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"> >>> <beans:property name="loginFormUrl" value="/login.jsp"/> >>> <beans:property name="forceHttps" value="false"/> >>> >>> </beans:bean> >>> >>> <beans:bean id="appAuthenticationProcessingFilter" >>> class="com.egsgroup.invoiceexchange.webapp.filter.AppAuthenticationProcessingFilter"> >>> >>> <beans:property name="defaultTargetUrl" value="/index.jsp"/> >>> <beans:property name="authenticationManager" >>> ref="authenticationManager"/> >>> <beans:property name="authenticationFailureUrl" >>> value="/login.jsp?error=true"/> >>> <beans:property name="filterProcessesUrl" >>> value="/j_security_check"/> >>> <beans:property name="rememberMeServices" >>> ref="_rememberMeServices"/> >>> <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/> >>> >>> </beans:bean> >>> >>> Thanks. >>> >> >> >
