Announcement Announcement Module
No announcement yet.
Ultra-SIMPLE security question Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ultra-SIMPLE security question

    I made setup of sample 'wedding' app.
    security setup -> all configured right! Wonderful!
    Now I'd like to protect ALL my urls with login page.
    I thought <intercept-url pattern="/**" access="permitAll" /> with something like isAuthenticated() replacing permitAll may be enough but I was wrong.
    Can you give me a flash-answer, please?
    Thanks a lot, Fabio.

  • #2
    Restricting everything with pattern="/**" will literally lock down your application. The problem is that some resources need to be accessible at all times such as the login.jspx, the tags, the default template, images, CSS, etc. So you would need to explicitly permit access to these resources for the web app to work. More details of this can be found in the Spring Security documentation though.