Shubham Dixit
Reputation: 1
Spring Security Url Pattern is not working
This is my web.xml
<filter>
<display-name>springSecurityFilterChain</display-name>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/</url-pattern>
</filter-mapping>
This is my security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user authorities="admin" name="logan"
password="user" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<security:http use-expressions="true">
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/admin/*" access="denyAll" />
<security:form-login />
</security:http>
</beans>
I dont know why I am still able to access all the things after /admin ,like /admin/home is redirecting me to the dashboard instead of redirecting me to the login page ,how does this work ?? I am fairly new to spring.
Upvotes: 0
Views: 715
Answers (2)
Guru
Reputation: 1883
Do you include the file in web.xml like:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
</param-value>
</context-param>
You could also try adding /* in url pattern:
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Upvotes: 1
xerx593
Reputation: 13261
It's still a guess, but I think "just" adding an "asterix" * to filter-mapping, could fix the issue:
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
?
Cewl, it also means you did everything else correct... on "how" & "why" (it is something web.xml/servlet spec specific ...assuming 3.0):
- The servlet spec
- ...and some web.xml doc
Upvotes: 1
Related Questions
- URL Pattern with Spring MVC and Spring Security
- Spring Security Not applied with my Urls
- Spring Security Intercept-url pattern not working
- spring security ignores authentication-failure-url
- cannot set Spring security for all url
- Spring security url-interceptor
- How to secure URLs using Spring security?
- spring-security is not working as expected
- j_spring_security_check not invoke when use specific url pattern in http element
- Spring security issue with 404 error?