Hi all,
I just have an interesting question about the order of URL patterns for
odbjectDefintionSource in FilterSecurityInterceptor. The following is
the original configuration from appfuse's securtity in version 1.9.4
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/clickstreams.jsp*=admin
/flushCache.*=admin
/passwordHint.html*=ROLE_ANONYMOUS,admin,user
/reload.*=admin
/signup.html*=ROLE_ANONYMOUS,admin,user
/users.html*=admin
/**/*.html*=admin,user
</value>
</property>
</bean>
If I change the order of thsoe URL patterns to the following order, for
example, move the /passwordHint.html* after /**/*.html*, the
passwordHint will not be invoked anyhow.
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/clickstreams.jsp*=admin
/flushCache.*=admin
/reload.*=admin
/signup.html*=ROLE_ANONYMOUS,admin,user
/users.html*=admin
/**/*.html*=admin,user
/passwordHint.html*=ROLE_ANONYMOUS,admin,user
</value>
</property>
Can anyone please explain me the mistery there? Is there any specific
order for those URLs to follow in appuse's security configuration?
Best regards,
Haotian Sun
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
