Reputation: 712
I have mapped the static resources in my application in spring's configuration xml like this
<mvc:resources mapping="/resources/**" location="/WEB-INF/resources/" />
Now i want that only users who have authentication and authorization can only access images in that folder as far as authentication is concerned i 've achieved that through spring security like this
<sec:intercept-url pattern="/resources/**" access="isAuthenticated()" />
but i dont want authenticated user to access all of the images in that folder he can access only a subset of images stored in that folder based on certain boundations so what i want that for every request to the image done by the user i want to perform security check whether he is permitted to visit that particular image How To Do that ???
Upvotes: 1
Views: 664
Reputation: 10339
The simplest solution is to move all non-secured images into a separate folder and to make the folder not secured:
<!-- This line BEFORE resources/** pattern -->
<sec:intercept-url pattern="/resources/nonsecuredimages/**" access="permitAll"/>
<sec:intercept-url pattern="/resources/**" access="isAuthenticated()" />
Upvotes: 1