0

I have a web app which uses spring security basic authentication .

So now if i hit the url.. server sends a 401 and my browser show the username/password popup.

Every thing is fine.

But now i want that a user can login and can change the access as anonymous i.e.

If now user hit the url he/she will be directly able to see the content without 401 or a redirect

How to do that since xml is hardcoded ?

Bhuvan
  • 4,028
  • 6
  • 42
  • 84
  • take a look http://stackoverflow.com/questions/6893061/how-to-dynamically-decide-intercept-url-access-attribute-value-in-spring-secur – Georgy Gobozov Nov 26 '13 at 10:57
  • Not sure I understood the question, but that's the way basic authentication works. The user has to close and reopen the browser to see a new login dialog. – Henry Nov 26 '13 at 11:06
  • @Henry which part you dont understand – Bhuvan Nov 26 '13 at 11:07
  • @user2410148 what you mean by "change the access as anonymous" – Henry Nov 26 '13 at 11:10
  • @Henry means a user login and tick the checkbox which says "remove security" or "don't do authentication" – Bhuvan Nov 26 '13 at 11:13
  • I don't think you can do this out of the box. But Spring Security is highly customizable. With a few lines of Java code you should be able to achieve what you want. – Henry Nov 26 '13 at 11:19

1 Answers1

0

Not sure if I got it right but what you want can be done with separating your "dynamic part" into some URL subtree (i.e. "/dynamic/**") and permitting everyone to access this part with single filter rule.

maxnx
  • 106
  • 3