1

I am using Spring Security 3 for Authorization. By default if user does not mention any pattern in intercept url tag then Spring does not restrict that user from accessing that url. I want to restrict this default behavior of Spring Security programatically. I dont want to use denyAll in Sprig Security xml.

My requirement is whenever any Authenticated user tries to access any url,first I want to manually check whether that URL is present in Spring Security xml. If it is there then I will ask Spring to follow its normal Authorization process; but if URL is not there then I want to restrict user access for that URL. Please help me out to meet my requirement.

Michail Nikolaev
  • 3,733
  • 22
  • 18
Ravi
  • 181
  • 1
  • 3
  • 12
  • If you are satisfied with checking only handlers with `@PreAuthorize`, then you may take a look on [this](http://stackoverflow.com/a/15229751/655756) answer. – n1ckolas Mar 18 '13 at 12:36
  • Thanks for reply; but this does not met my requirement. – Ravi Mar 18 '13 at 12:47
  • May be `isFullyAuthenticated()` can feet your needs? – Maksym Demidas Mar 18 '13 at 15:01
  • Still this does not met my requirement. I am developing a framework using Spring Security + combination of other MVC frameworks which will be used by other application team for developing their project. In this case after Authentication I want to make sure that every URL access by an end user should be having corresponding mapping/entry in Spring Security xml. If application development team some how forgot to add that particular entry then I want to restrict access to that URL as Spring by default treat that URL as public and give access. – Ravi Mar 20 '13 at 09:36

0 Answers0