Announcement Announcement Module
No announcement yet.
intercept-url configuration Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • intercept-url configuration


    I'm hoping someone can help me. My config is set up below. I'm trying to secure down my app. I want it to have to be authenticated (logged in) everywhere you go, thus the /**. The problem is the Login page is being treated as protected area and I get stuck in an infinite loop in the browser, like it is just ignoring the permitAll. The "Login" form is a spring mvc form in site of MySite. Any suggestions?

    <http auto-config="true" use-expressions="true" create-session="never">
    		<intercept-url pattern="http://localhost:8080/MySite/Login" access="permitAll" />          
    		<intercept-url pattern="http://localhost:8080/MySite/Login/**" 	access="permitAll" /> 
    		<intercept-url pattern="/**" access="isAuthenticated()" /> 
    		<form-login login-page="${}" />
    		<logout logout-success-url="http://localhost:8080/MyWoodmen/Login" />
    		<remember-me key="AppKey123456" services-ref="mySiteRememberMeService" />

  • #2
    I am not a Spring Security specialist, but maybe you should try first short patterns (/Login* instead of http://localhost:8080/MySite/Login), just like in the documentation example and than test if your browser goes exactly to expected page?

    UPD: Sorry, I haven't seen your previous post before.
    Last edited by Lsync; Sep 28th, 2012, 05:33 AM.