5

Following the answer here I have attempted to allow a public page on my website, however it doesn't seem to work. As it redirects to the login page. If however I change to filters=none it works, and the page is viewable with no redirect.

My appContext.xml looks like this(when it doesn't work), /MyPath the relevant section :

<security:intercept-url pattern="/**" access="ROLE_USER" />
<security:intercept-url pattern="/Admin/**" access="ROLE_ADMIN" />
<security:intercept-url pattern="/MyPath/**" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED" />

This works but I need the security functionality so can not use it :

<security:intercept-url pattern="/**" access="ROLE_USER" />
<security:intercept-url pattern="/Admin/**" access="ROLE_ADMIN" />
<security:intercept-url pattern="/MyPath/**" filters="none" />
Community
  • 1
  • 1
NimChimpsky
  • 46,453
  • 60
  • 198
  • 311
  • 2
    Note that `filters="none"` seems to have been deprecated in Spring 3.1.0: http://stackoverflow.com/a/5382178/521799 – Lukas Eder Oct 09 '12 at 12:04

1 Answers1

6

Assuming you're using the latest version, you can probably stick with the simpler form of anonymous user specification if you don't need to tell "how" the user was authenticated anonymously.

Here's a link to the doc section

Excepting that, I think your issue is the ordering. Order does matter and you have the least restrictive pattern first. Try turning them around.

You can use multiple elements to define different access requirements for different sets of URLs, but they will be evaluated in the order listed and the first match will be used. So you must put the most specific matches at the top. You can also add a method attribute to limit the match to a particular HTTP method (GET, POST, PUT etc.). If a request matches multiple patterns, the method-specific match will take precedence regardless of ordering.

From here

Troy Kelley
  • 114
  • 4