Announcement Announcement Module
No announcement yet.
Multiple http element pattern attribute documentation Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Multiple http element pattern attribute documentation

    Hi Luke,
    Could you please clarify how the http element pattern attribute is different from the intercept-url element pattern attribute. Is the intercept-url pattern a way to further filter the request when used in conjunction with the http element pattern? Or is it a like a one or the other type of thing?

    In this example, I can imagine how this would work. I assume that the intercept-url pattern matches from the root, not customer/. It's more or less redundant.
    <security:http pattern="/spring/customer/**" use-expressions="true" authentication-manager-ref="authMgr1">
      <security:intercept-url pattern="/**" access="permitAll"/>
    but how about this? Is this intercept-url pattern even applied or valid?
    <security:http pattern="/spring/customer/**" use-expressions="true" authentication-manager-ref="authMgr1">
      <security:intercept-url pattern="/test/**" access="permitAll"/>
    Last edited by blicket; Dec 2nd, 2011, 12:55 PM.

  • #2
    Did you try it?


    • #3
      I've been trying to get it to go ever since the snapshot change. So I have now several http elements. not sure if one is suppose to be a replacement for the other in certain situations or more of a compliment. It would be nice to have one to describe the config for very scenarios.

      In my case, I have an existing CAS authmanager+provider+entrypoint which is in authMgr2 as a catch all. I'm trying to have other patterns to use another chain (first 4 lines below). I know the example below has multiple chains, only because i don't know if multiple patterns can be applied in the http pattern.

      <security:http pattern="/spring/customer/**" use-expressions="true" authentication-manager-ref="authMgr1">...</security:http>
      <security:http pattern="/jsp/login.jsp" use-expressions="true" authentication-manager-ref="authMgr1">...</security:http>
      <security:http pattern="/j_spring_security_check" use-expressions="true" authentication-manager-ref="authMgr1">...</security:http>
      <security:http pattern="/spring/misc/**" use-expressions="true" authentication-manager-ref="authMgr1">...</security:http>
      <security:http use-expressions="true" authentication-manager-ref="authMgr2">...</security:http>
      Ideally the first 4 lines would be one chain. In my first 4 lines, I have copies of the same content ...
      <security:custom-filter position="FIRST" ref="mySignOutFilter" />
      <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="myConcurrencyFilter"/>
      <security:custom-filter position="FORM_LOGIN_FILTER" ref="myUsernamePasswordAuthenticationFilter"/>
      <security:session-management session-authentication-strategy-ref="mySessionAuthStrategy" />
      again, not sure if this could be problematic, since they're the same chain defined over and over again, 4 times for various patterns.


      • #4
        In my webflow facelet view, I'm able to see my SecurityContextHolder with details and it's authenticated but I'm not able to make spring remoting httpinvoker calls to my service layer. Works for one http authentication-manager but not the other.