David Parks
Reputation: 32071
Spring MVC: How to deny access to any page that doesn't explicitly have a role assigned
I want to ensure all resources have security permissions set, even if that's declaring the resource public (ROLE_ANONYMOUS).
How can I configure Spring MVC to deny any page that has no permissions assigned?
Upvotes: 0
Views: 298
Answers (1)
user683887
Reputation: 1280
Have you tried putting a rule at the end of your file mapping /** to the highest possible role in your scheme?
Upvotes: 1
Related Questions
- Spring Security - How do I block access to any url except a few listed by role?
- Spring Boot MVC non-role based security
- Spring web security restrict only single page
- Restricting access to some page based on permission
- How can I deny access for non-authorized users to any web page
- Spring Security: allow user only to access their own administration page
- Manage Spring Security access page with specific role
- Reject access to specific URLs for all the ROLEs in Spring Security
- spring security 3 - restrict role access to actual user
- Spring Security: Allow page views for all Fully Authenticated users, unless they have a specific role