It works with annonymous entry. Thanks a lot
On Thu, Jul 1, 2010 at 11:34 AM, Josep García <jgar...@isigma.es> wrote: > Try adding an <anonymous /> entry. > > 2010/7/1 Kissue Kissue <kissue...@gmail.com> > > Hi Josep, >> >> Thanks for your reply. I already have that section: >> >> >> <http auto-config="false" >> entry-point-ref="authenticationProcessingFilterEntryPoint" >> lowercase-comparisons="false"> >> >> >> <intercept-url pattern="/signup.html*" >> access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> >> >> <intercept-url pattern="/**/*.html*" access="ROLE_ADMIN,ROLE_USER"/> >> >> <!--<form-login login-page="/login.jsp" >> authentication-failure-url="/login.jsp?error=true" >> login-processing-url="/j_security_check"/>--> >> <remember-me user-service-ref="userDao" key=""/> >> </http> >> >> As you can see the signup should be able to be accessed annonymously. >> Unfortunately page just refreshes when i click signup link. >> >> I have set the auto-config= false because it is said you need to turn it >> off if you are not using defaults. >> >> Thanks. >> >> >> >> >> On Thu, Jul 1, 2010 at 9:21 AM, Josep García <jgar...@isigma.es> wrote: >> >>> Looks like the signup page is protected. Same for passwd hint. >>> >>> You still need a section similar to: >>> <http auto-config="true" lowercase-comparisons="false"> >>> <!--intercept-url pattern="/images/*" filters="none"/> >>> <intercept-url pattern="/styles/*" filters="none"/> >>> <intercept-url pattern="/scripts/*" filters="none"/--> >>> <intercept-url pattern="/admin/*" access="ROLE_ADMIN"/> >>> <intercept-url pattern="/passwordHint.html*" >>> access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> >>> <intercept-url pattern="/signup.html*" >>> access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> >>> <intercept-url pattern="/a4j.res/*.html*" >>> access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> >>> <!-- APF-737, OK to remove line below if you're not using JSF --> >>> <intercept-url pattern="/**/*.html*" >>> access="ROLE_ADMIN,ROLE_USER"/> >>> <form-login login-page="/login.jsp" >>> authentication-failure-url="/login.jsp?error=true" >>> login-processing-url="/j_security_check"/> >>> <remember-me user-service-ref="userDao" >>> key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/> >>> </http> >>> >>> where you specify the security for each url pattern. There you have the >>> anonymous role for signup and pwd hint. >>> >>> When I had my filter implemented, I added an http entry-point-ref with >>> the <anonymous /> entry. >>> >>> >>> I would recommend you have a look at some spring security pages: >>> - Spring security reference: >>> http://static.springsource.org/spring-security/site/reference.html >>> >>> http://teja.tejakantamneni.com/2008/08/spring-security-using-custom.html >>> >>> >>> http://heraclitusonsoftware.wordpress.com/software-development/spring/simple-web-application-with-spring-security-specification/ >>> >>> Josep >>> >>> 2010/6/30 Kissue Kissue <kissue...@gmail.com> >>> >>> Hi, >>>> >>>> In my appfuse application, i want to be able to redirect users to a >>>> change password page when credentials_expired. To do this i am doing the >>>> following: >>>> >>>> 1. Create a custom AuthenticationProcessingFilter >>>> 2. set auto-config = false in security.xml >>>> 3. Added bean definitions for the custom authenticationprocessingfilter >>>> and authenticationProcessingFilterEntryPoint. >>>> >>>> After this everything works fine and i am able to login into the >>>> application but the problem is that when i click on the signup link on the >>>> login page, the page just refreshes and i do not see the signup page. The >>>> same happens for the password hint link. However, when i revert the changes >>>> in security.xml and then try again, this time the signup page appears. >>>> >>>> Anybody have any idea what could be wrong? My configs are below: >>>> >>>> <beans:bean id="authenticationProcessingFilterEntryPoint" >>>> class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"> >>>> <beans:property name="loginFormUrl" value="/login.jsp"/> >>>> <beans:property name="forceHttps" value="false"/> >>>> >>>> </beans:bean> >>>> >>>> <beans:bean id="appAuthenticationProcessingFilter" >>>> class="com.egsgroup.invoiceexchange.webapp.filter.AppAuthenticationProcessingFilter"> >>>> >>>> <beans:property name="defaultTargetUrl" value="/index.jsp"/> >>>> <beans:property name="authenticationManager" >>>> ref="authenticationManager"/> >>>> <beans:property name="authenticationFailureUrl" >>>> value="/login.jsp?error=true"/> >>>> <beans:property name="filterProcessesUrl" >>>> value="/j_security_check"/> >>>> <beans:property name="rememberMeServices" >>>> ref="_rememberMeServices"/> >>>> <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/> >>>> >>>> </beans:bean> >>>> >>>> Thanks. >>>> >>> >>> >> >
