One option is to always grant users a role like ROLE_AUTHENTICATED when they log in. Then you protect those areas with that ROLE_AUTHENTICATED role. This role wouldn't exist in your user maintenance screens and what not.
For instance, if you're using the DaoAuthenticationProvider and JdbcDaoImpl; you would extend JdbcDaoImpl and override the addCustomAuthorities method. In your method you always add the ROLE_AUTHENTICATED role to the list. Hope that helps. On 6/12/06, Seth Stankowski <[EMAIL PROTECTED]> wrote: > Within Acegi is there a way to protect a URL in a way that requires > authentication but doesn't require a specific role to access? I have > an application which requires users to login and then access different > things depending on their role. One section of the application, > Manage Account, I would like to be accessible to any authenticated > user so I don't have to manage a role for this specific section. Is > this possible using Acegi? I've tried different things with the > FilterSecurityInterceptor and role voter but can't see to get it. > > Thanks, > Seth > > > _______________________________________________ > Home: http://acegisecurity.org > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
