jquery-springmvc-jpa icon indicating copy to clipboard operation
jquery-springmvc-jpa copied to clipboard
verified publisher icon Swiip

Spring Security Issue

Open xuyuanme opened this issue 12 years ago • 0 comments

Thanks for your project which helps a lot!

I have a question about the Spring Security part. I tried to modify the applicationContextSecurity.xml file to forbid anonymous user accessing "/data-rest/**" data. The xml looks like:

  <!-- Spring Security main HTTP filter -->
  <http entry-point-ref="http403ForbiddenEntryPoint">
    <!-- The filter is mapped on every request in /rest/** and require a "ROLE_USER" profile -->
    <intercept-url pattern="/rest/**" access="ROLE_USER" />
    <intercept-url pattern="/data-rest/**" access="ROLE_USER" />
    <!-- Remember me mechanism trigger -->
    <remember-me />
  </http>

However, the configuration seems not work. The user can still access URL like "http://localhost:8080/skillbrowser/data-rest/user" without login.

Is this a known bug or I'm doing something wrong?

Best Regards! Yuan

xuyuanme avatar Aug 07 '13 15:08 xuyuanme