Reputation: 1209
Spring security - allow navigation but protecting some pages
I would like to allow the user to navigate through the site but restrict access to some operations/pages where he must be logged in to do so. How do I achieve this using spring security configuration?
I'm not sure if spring security is the way though.
Upvotes: 0
Views: 417
Answers (1)
Reputation: 4184
within your spring security configuration, you can do something like this:
<intercept-url pattern="/admin/**" access="ROLE_ADMIN" requires-channel="https" /> <intercept-url pattern="/secure/**" access="ROLE_USER, ROLE_ADMIN" requires-channel="https" /> <intercept-url pattern="/**" access="permitAll" requires-channel="any" />
Then prefix all of your protected pages with /secure/. This will allow people to navigate the entire site except pages in /secure/ and /admin/
Also, instead of ROLE_USER, you can use IS_AUTHENTICATED_FULLY (as opposed to IS_AUTHENTICATED_REMEMBERED or IS_AUTHENTICATED_ANONYMOUSLY)
The requires-channel is only if you are using https, which you should be if you are trying to protect content.
Upvotes: 1
Related Questions
- Enable Spring security by specific route
- Spring web security restrict only single page
- Protect Spring web MVC app with Spring security and error pages in a web.xml
- Restricting access to some page based on permission
- How to secure selected pages in web application
- How to secure an included page with Spring security
- restrict user to authenticate before viewing pages using spring security java
- Spring mvc / security : excluding the login page from spring security
- Spring security navigation to other pages after user is logged in
- Spring Security: Allow page views for all Fully Authenticated users, unless they have a specific role