Announcement Announcement Module
Collapse
No announcement yet.
<http pattern=''' ...> vs <intercept-url pattern="" ...> Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • <http pattern=''' ...> vs <intercept-url pattern="" ...>

    We are using the Web Application Security Namespace, and have configured it like so...

    Code:
        <!-- Auth Code authorization page -->
        <http pattern="/oauth/authorize" disable-url-rewriting="true" >
            <intercept-url pattern="/oauth/authorize" access="ROLE_USER"/>
            <form-login
                    login-page="/login"
                    default-target-url="/oauth/authorize"
                    authentication-success-handler-ref="authCodeAuthenticationSuccessHandler"
                    authentication-failure-handler-ref="authCodeAuthenticationFailureHandler"/>
            <logout logout-success-url="/logout"/>
            <custom-filter ref="authCodeEventFilterForMetricsLogging" position="FIRST"/>
        </http>
    Note the declaration of the url "/oauth/authorize" in two places ( <http pattern=''' ...> and <intercept-url pattern="" ...> ). Is it necessary to put this in both places? One preferred over the other?

    Thanks!

    Gary

  • #2
    <http pattern="/oauth/authorize"... starts a chain for all calls that their pattern is /oauth/authorize.
    then, inside this block, you also say that specifically for '/oauth/authorize' - the user must have USER_ROLE access. (so if it hasn't, it will be redirected to a login form.)
    AFAIK you have to "double" it. in your case (oauth configuration), this re-writing is shouting, but it also lets you a level of flexibility in other cases.

    Comment

    Working...
    X