Spring Security 3.0 - Intercept-URL - All pages require authentication but one
- by gav
Hi All,
I want any user to be able to submit their name to a volunteer form but only administrators to be able to view any other URL. Unfortunately I don't seem to be able to get this correct. My resources.xml are as follows;
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http realm = "BumBumTrain Personnel list requires you to login" auto-config="true" use-expressions="true">
<http-basic/>
<intercept-url pattern="/person/volunteer*" access=""/>
<intercept-url pattern="/**" access="isAuthenticated()" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_ADMIN"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
Specifically I am trying to achieve the access settings I described via;
<intercept-url pattern="/person/volunteer*" access=""/>
<intercept-url pattern="/**" access="isAuthenticated()" />
Could someone please describe how to use intercept-url to achieve the outcome I've described?
Thanks
Gav