Saturday, March 13, 2010

Adding anonymous or guest access in Spring Security

As you have seen in my previous post the access to index.html was restricted. Whenever the user tries to access this page they were redirected to the login page. But this should not be case. The logical index.html page should be accessible to guest users as well as authenticated users.
Turning this on is just a matter of configuration. This is shown in the modified spring-security.xml file.

Listing 1 - spring.security.xml

I have now added a new intercept url line.

<intercept-url pattern="/index.html" access="IS_AUTHENTICATED_ANONYMOUSLY" />

This line makes it possible to access index.html as a guest user. Now when you click on any link on the index.html page you will be redirected to the login page in case you have not signed in.

In my next post, I will try to get into some theoretical details/framework internals before
proceeding to the next round of coding and adding additional features.

No comments:

Post a Comment