Announcement Announcement Module
Collapse
No announcement yet.
objectDefinitionSource in FilterSecurityInterceptor Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • objectDefinitionSource in FilterSecurityInterceptor

    Hi,

    I have this configuration for the FilterSecurityInterceptor:

    <bean id="filterInvocationInterceptor"
    class="net.sf.acegisecurity.intercept.web.FilterSe curityInterceptor">
    <property name="authenticationManager">
    <ref bean="authenticationManager" />
    </property>
    <property name="accessDecisionManager">
    <ref bean="httpRequestAccessDecisionManager" />
    </property>
    <property name="objectDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    \A/.*\Z=ROLE_ADMINISTRADOR,ROLE_USUARIO,ROLE_EMPRESA
    </value>
    </property>
    </bean>


    But I get an infinite loop when deciding the authorization.

    If I indicate every single page, instead of /.*, then it works!!!

    What am I wrong?

  • #2
    The infinite loop is probably because your login.jsp is within the "protected" namespace of /*. So it tries to redirect to the login page, which gets caught as an unauthorised request, and re-redirects to the login page etc.

    Comment

    Working...
    X