1

I am using the spring security for the authentication of my web application. I could successfully use it by configuring as follows:

<http auto-config='true'>
    <intercept-url pattern="/Login" filters="none" access="ROLE_USER"/>
    <form-login login-page='/Login' authentication-failure-url="/Login/Failure" 
        default-target-url="/Url"/>
</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
           <user name="admin" password="admin" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>

The above code working fine for if I directly login from the login page. If one of the user is accessing the different url which is not the login page. Now I want to restrict the user to access any direct url without login to the system first time.

How can i do that?

Krishna
  • 7,154
  • 16
  • 68
  • 80

1 Answers1

2

You need to change the intercept rule to:

<intercept-url pattern="/**" filters="none" access="ROLE_USER"/>

You might also have to exlude the login page from the auth requirement. Because a user does not have to login in order to see the login page. You can do that by adding:

<intercept-url pattern="/Login" filters="none"/>
nfechner
  • 17,295
  • 7
  • 45
  • 64
  • no..its not working. It is going in the infinite loop when a change to the above line. Please provide if you have suggestions – Krishna Jun 04 '12 at 06:31
  • 1
    Please read my updated answer. You need to add an additional rule to exclude the login page. – nfechner Jun 04 '12 at 06:33
  • Just a note. `filters="none"` is not recommended in spring 3.0 as it completely skips the filter chain, thus bypassing security. Also it won't work on spring 3.1. You should use `access="permitAll"` instead. – Simeon Jun 04 '12 at 10:45
  • Another thing `filters="none"` will not work on the `/**` pattern in any spring security version. This is why http://stackoverflow.com/questions/6216160/how-to-unsecure-url-pattern-in-spring-security – Simeon Jun 04 '12 at 10:47