Announcement Announcement Module
Collapse
No announcement yet.
how to bypass <intercept-url pattern="/trusted/**" access="ROLE_USER,SCOPE_TRUST" / Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • how to bypass <intercept-url pattern="/trusted/**" access="ROLE_USER,SCOPE_TRUST" /

    Hi ,

    i have a problem i have some urls ,

    <http access-denied-page="/login.jsp" access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/photos" access="ROLE_USER,SCOPE_READ" />
    <intercept-url pattern="/photos/**" access="ROLE_USER,SCOPE_READ" />
    <intercept-url pattern="/trusted/**" access="ROLE_USER,SCOPE_TRUST" />
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <form-login authentication-failure-url="/login.jsp" default-target-url="/index.jsp" login-page="/login.jsp"
    login-processing-url="/login.do" />
    <logout logout-success-url="/index.jsp" logout-url="/logout.do" />
    <anonymous />
    <custom-filter ref="oauth2ProviderFilter" after="EXCEPTION_TRANSLATION_FILTER" />
    </http>
    i want to access /trusted/**,i want to bypass login ,but it return login form to be response,
    i tried to put
    <http use-expressions="true" access-denied-page="/login.jsp" access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security">
    ......
    <intercept-url pattern="/trusted/**" access="permitAll" />
    .....
    not it gave this error
    nException: Error creating bean with name '(inner bean)#40': Instantiation of be
    an failed; nested exception is org.springframework.beans.BeanInstantiationExcept
    ion: Could not instantiate bean class [org.springframework.security.web.access.e
    xpression.ExpressionBasedFilterInvocationSecurityM etadataSource]: Constructor th
    rew exception; nested exception is java.lang.IllegalArgumentException: Failed to
    parse expression 'ROLE_USER,SCOPE_READ':
    java.lang.IllegalArgumentException: Failed to parse expression 'ROLE_USER,SCOPE_
    READ'

    how can i bypass the login page to access trusted url,
    is there anyway ,i have not been find a way
    please give me light
    thank you!!!

  • #2
    You can't use expressions with an explicit AccessDecisionManager. Try pattern="/trusted/**" access="IS_AUTHENTICATED_ANONYMOUSLY"?

    Why is it "trusted" if you don't need to be authenticated to get to that resource?

    Comment


    • #3
      ı solved the problem usıng <intercept-url pattern="/trusted/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> IS_AUTHENTICATED_ANONYMOUSLY thıs ıs useful thank you)

      Comment

      Working...
      X