Announcement Announcement Module
Collapse
No announcement yet.
problem with using entry-point and intercept-url patterns Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • problem with using entry-point and intercept-url patterns

    Hello,

    my configuration looks like this:

    <security:http entry-point-ref="loginUrlAuthenticationEntryPoint" auto-config="true" use-expressions="true" disable-url-rewriting="true">
    <security:intercept-url pattern="/web/**" filters="none" />
    <security:intercept-url pattern="/ajax/**" filters="none" />
    ....
    <security:intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
    <security:form-login login-page="/index.htm" default-target-url="/start.htm" always-use-default-target="true" authentication-failure-url="/index.htm" />
    <security:logout />
    <session-management session-authentication-strategy-ref="sas" />
    </security:http>

    <security:authentication-manager alias="authenticationManager">
    <authentication-provider ref='authenticationProvider' />
    </security:authentication-manager>

    <beans:bean id="loginUrlAuthenticationEntryPoint"
    class="org.springframework.security.web.authentica tion.LoginUrlAuthenticationEntryPoint">
    <beansroperty name="loginFormUrl" value="/index.htm"/>
    <beansroperty name="useForward" value="true"/>
    </beans:bean>

    <beans:bean id="authenticationProvider"
    class="de.oyb.fangoetter.web.security.Authenticati onProvider">
    <beansroperty name="accountDao" ref="accountDao" />
    </beans:bean>

    <beans:bean id="sas"
    class="org.springframework.security.web.authentica tion.session.ConcurrentSessionControlStrategy">
    <beans:constructor-arg ref="sessionRegistry" />
    <beansroperty name="maximumSessions" value="1" />
    </beans:bean>

    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.S essionRegistryImpl" />

    </beans:beans>


    So I am using the entry point with the URL index.htm which I want to access by a useForward.

    My problem:

    When I not log in and want to access the URL /user/home.htm (which is not allowed because of my ROLE_USER), this URL is nevertheless opened but I am not redirected to the index.htm because of the intercept-url pattern.

    What might be the failure with my configuration?
Working...
X