I have some auto-generated scaffold Controllers and some custom Controllers, one called "admin" and one called "public". I would like to have the admin and scaffold controllers secured, but leave the public wide open.
In applicationContext-security.xml, I have something like this:
Code:
<http auto-config="true" use-expressions="true">
    <form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t"/>
    <logout logout-url="/resources/j_spring_security_logout"/>
    <!-- Configure these elements to secure URIs in your application -->
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/resources/**" access="permitAll" />
    <intercept-url pattern="/public/**" access="permitAll"/>
    <intercept-url pattern="/**" access="permitAll" />
</http>
This works fine, but the root URI, that which contains the Entity scaffold Controllers, is not secured. If I change the "/**" intercept to:
Code:
<intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" />
I get an error in the browser saying "The page isn't redirecting properly".
I also tried adding intercepts like the following:
Code:
<intercept-url pattern="/area" access="hasRole('ROLE_ADMIN')" />
For the Controller fronting the Area Entity, but I seem to be let right in without logging in.
Is there any way to add security to the scaffolded Controllers, but allow the /public to remain unsecure?
I have resorted to listing *all* the scaffold-generated controllers individually in an <intercept-url />
Code:
<intercept-url pattern="/foo/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/bar/**" access="hasRole('ROLE_ADMIN')" />
...
It would be nice to be able to tell roo to put some common prefix on all the generated URLs...
Originally Posted by Jack Punt:
I have resorted to listing *all* the scaffold-generated controllers individually in an <intercept-url />
Code:
<intercept-url pattern="/foo/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/bar/**" access="hasRole('ROLE_ADMIN')" />
...
It would be nice to be able to tell roo to put some common prefix on all the generated URLs...

I'll have to do this as well. I really wish I could lock down all of the console, though. And I don't know why they don't allow a --preferedMapping...it would make sense.
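
An added example, not part of the original thread: a deny-by-default variant of the configuration from the first post, assuming Spring Security 3.x namespace configuration, where intercept-url rules are evaluated top to bottom and the first matching pattern decides. The only new rule is the one for /login; with the configuration as posted, /login is not covered by any permitAll rule, so a catch-all hasRole rule also protects the login page and every redirect to it is redirected again.

```xml
<!-- Added example, not the poster's or the project's own configuration. -->
<http auto-config="true" use-expressions="true">
    <form-login login-processing-url="/resources/j_spring_security_check"
                login-page="/login"
                authentication-failure-url="/login?login_error=t"/>
    <logout logout-url="/resources/j_spring_security_logout"/>

    <!-- Order matters: the first pattern that matches the request wins,
         so specific open paths go first and the catch-all goes last. -->

    <!-- The login page must be reachable without a session. If it falls
         through to the catch-all below, an anonymous request to /login is
         sent to /login again, which the browser reports as
         "The page isn't redirecting properly". -->
    <intercept-url pattern="/login" access="permitAll"/>

    <!-- Static resources and the login/logout processing URLs live here. -->
    <intercept-url pattern="/resources/**" access="permitAll"/>

    <!-- The custom controller that should stay open. -->
    <intercept-url pattern="/public/**" access="permitAll"/>

    <!-- Already covered by the catch-all; kept so the intent is explicit. -->
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>

    <!-- Deny by default: every scaffolded controller at the root, including
         ones generated later, requires ROLE_ADMIN without being listed. -->
    <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>
</http>
```

Any other URL that anonymous users must see needs its own permitAll rule above the catch-all, and a rule placed below `/**` is never consulted.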