Announcement Announcement Module
Collapse
No announcement yet.
Problem with LoginUrlEntryPoint and intercept Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem with LoginUrlEntryPoint and intercept

    Hello !!

    My configuration looks like this:

    <security:http auto-config="false" use-expressions="true" disable-url-rewriting="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
    <security:intercept-url pattern="/web/**" filters="none" />
    <security:intercept-url pattern="/index.htm" filters="none" />
    <security:intercept-url pattern="/start.htm" access="hasAnyRole('ROLE_USER')" />
    ...
    <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER')" />
    <security:intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
    <security:intercept-url pattern="/user/ajax/**" access="hasRole('ROLE_USER')" />
    <security:form-login login-page="/index.htm" default-target-url="/start.htm" always-use-default-target="true" authentication-failure-url="/index.htm" />
    <security:logout />
    <session-management session-authentication-strategy-ref="sas" />
    </security:http>

    <security:authentication-manager alias="authenticationManager">
    <authentication-provider ref='authenticationProvider' />
    </security:authentication-manager>

    <beans:bean id="loginUrlAuthenticationEntryPoint"
    class="org.springframework.security.web.authentica tion.LoginUrlAuthenticationEntryPoint">
    <beansroperty name="loginFormUrl" value="/index.htm" />
    <beansroperty name="useForward" value="true" />
    </beans:bean>

    <beans:bean id="authenticationProvider"
    class="de.oyb.fangoetter.web.security.Authenticati onProvider">
    <beansroperty name="accountDao" ref="accountDao" />
    </beans:bean>

    <beans:bean id="sas"
    class="org.springframework.security.web.authentica tion.session.ConcurrentSessionControlStrategy">
    <beans:constructor-arg ref="sessionRegistry" />
    <beansroperty name="maximumSessions" value="1" />
    </beans:bean>

    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.S essionRegistryImpl" />


    My problem is that the user area with my urls /user/** is not secured any more.

    When I am type in the URL /user/home.htm with the login, it is not redirecting correctly to the login url index.htm, but shows the content of this /user/home.htm

    Any ideas for a correct redirect when no login was executed?

  • #2
    Actually I wanted to write:

    When I am type in the URL /user/home.htm with NO login before, it is not redirecting correctly to the login url index.htm, but shows the content of this /user/home.htm

    Comment

    Working...
    X