Announcement Announcement Module
No announcement yet.
Url pattern to secure a form Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Url pattern to secure a form

    Hi all,

    I'm working with ROO and Spring Security, and I wanted to secure a form. I want to allow users list books (..../books), but I want to secure the editing and creating form (.../books?form).

    I tried to put the next code into the applicationContext-security.xml file:
    <intercept-url pattern="/books*form" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/books" access="hasRole('ROLE_USER')"/>
    But it didn't work. Any idea about the correct url pattern to secure the form?

  • #2
    I finally solved it. You can permit or refuse access depending on the method. For example, in this case I restricted access to only the ROLE_ADMIN to the URL with methods PUT, POST and DELETE. Doing that you only allow users to list the objects, but they can't create, update or delete them.


    • #3
      Spring Security will not process query parameters when using the namespace with the ant path matcher (it strips them off before comparison). You can set the [email protected] to regular expressions to include query string parameters.