Announcement Announcement Module
Collapse
No announcement yet.
How to avoid images, css, javascripts from Security Filters Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to avoid images, css, javascripts from Security Filters

    Hi,
    From understanding there are two ways with which we could avoid the resources like images, css files, javascripts etc from SpringSecurity Filters like AnonymousProcessFilter.
    1. By including only needed URL mapping in web.xml as
    <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>*.do</url-pattern>
    <url-pattern>/j_spring_security_check</url-pattern>
    <url-pattern>/j_spring_security_logout</url-pattern>
    </filter-mapping>
    2. as in http://forum.springsource.org/showthread.php?t=65822

    <security:http>
    <security:intercept-url pattern="/images/**" filters="none"/>
    <security:intercept-url pattern="/css/**" filters="none"/>
    <security:intercept-url pattern="/js/**" filters="none"/>
    <security:intercept-url pattern="/login.html*" filters="none"/>
    <security:intercept-url pattern="/**" access="ROLE_USER" />
    <security:form-login login-page="/login.html" default-target-url="/home.html" always-use-default-target="true" />
    </security:http>

    I am curious to know
    1. both methods are correct
    2. which one is better than the otther

  • #2
    Another interested party

    If this has been answered somewhere else can someone please post a forum link? I am also interested. Thanks!

    Comment


    • #3
      Originally posted by scs_santhosh View Post
      Hi,
      From understanding there are two ways with which we could avoid the resources like images, css files, javascripts etc from SpringSecurity Filters like AnonymousProcessFilter.
      1. By including only needed URL mapping in web.xml as
      <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>*.do</url-pattern>
      <url-pattern>/j_spring_security_check</url-pattern>
      <url-pattern>/j_spring_security_logout</url-pattern>
      </filter-mapping>
      2. as in http://forum.springsource.org/showthread.php?t=65822

      <security:http>
      <security:intercept-url pattern="/images/**" filters="none"/>
      <security:intercept-url pattern="/css/**" filters="none"/>
      <security:intercept-url pattern="/js/**" filters="none"/>
      <security:intercept-url pattern="/login.html*" filters="none"/>
      <security:intercept-url pattern="/**" access="ROLE_USER" />
      <security:form-login login-page="/login.html" default-target-url="/home.html" always-use-default-target="true" />
      </security:http>

      I am curious to know
      1. both methods are correct
      2. which one is better than the otther
      As far as i think 2nd option is better one.
      reason is that its better to give control to dispacher-servlet and it to decide what to do.
      yes i'm agree that u can do it with option 1 but in same way we all can do with J2EE whichever is provided by spring. But adding in dispacher-servlet it adds better way of handling along with u can have customize handling on that code..

      Comment

      Working...
      X