Announcement Announcement Module
Collapse
No announcement yet.
public pages Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • public pages

    Hi,

    Here's a basic question from a new user. How can I assign a page to be a public page (e.g. one that doesn't require a username)? Here's my security settings.

    Thanks, WILL

    Code:
    <bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
      <property name="loginFormUrl"><value>/login.htm</value></property>
      <property name="forceHttps"><value>false</value></property>
    </bean>
    
    <bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
      <property name="allowIfAllAbstainDecisions"><value>false</value></property>
      <property name="decisionVoters">
        <list>
        <ref bean="roleVoter"/>
        </list>
      </property>
    </bean>
    
    <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
      <property name="authenticationManager"><ref bean="authenticationManager"/></property>
      <property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>
      <property name="objectDefinitionSource">
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /client/**=ROLE_CLIENT
          /employee/**=ROLE_EMPLOYEE
          /admin/**=ROLE_ADMIN
          /error.jsp
        </value>
      </property>
    </bean>

  • #2
    I thought that if you had a page that didn't match any pattern it would not require authentication. For example in your webapp as configured, if you went to "/index.jsp" you should be allowed without being redirected to the login.htm.

    If that isn't the case, then I'm not sure the reason... just trying to help out a bit while Ben is cranking out 0.8.0.

    Speaking of 0.8.0, I think the new Anonymous authentication is supposed to help out with accessing protected resources without being logged in.

    Nathan

    Comment


    • #3
      I thought that if you had a page that didn't match any pattern it would not require authentication
      Yes, that it 100% true.

      [I think the new Anonymous authentication is supposed to help out with accessing protected resources without being logged in.[/quote]

      Again, that's true. You can read more about 0.8.0's new anonymous authentication at http://acegisecurity.sourceforge.net...y-ui-anonymous.

      Comment

      Working...
      X