Not too sure what you are trying to accomplish here. If you just want your URL to be protected by a login page, you merely need to specify it in the "filterInvocationInterceptor" bean. You can leave it out from the "channelProcessingFilter".
Make sure that you enter the pattern properly. e.g /userdata/*=ROLE_ADMIN and not /userdata *=ROLE_ADMIN allan Anshu Dhamija wrote: > > Hi All, > > I am facing a security problem > > I am accessing my application through url say > .http:localhost:8080/userdata/1/xyz > > I have specified > > > > <bean id="channelProcessingFilter" > class="org.acegisecurity.securechannel.ChannelProcessingFilter"> > > <property name="channelDecisionManager" > ref="channelDecisionManager"/> > > <property name="filterInvocationDefinitionSource"> > > <value> > > PATTERN_TYPE_APACHE_ANT > > /admin/**=REQUIRES_SECURE_CHANNEL > > /login*=REQUIRES_SECURE_CHANNEL > > /j_security_check*=REQUIRES_SECURE_CHANNEL > > /userdata=REQUIRES_SECURE_CHANNEL > > > > > > <bean id="filterInvocationInterceptor" > class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> > > <property name="authenticationManager" > ref="authenticationManager"/> > > <property name="accessDecisionManager" > ref="accessDecisionManager"/> > > <property name="objectDefinitionSource"> > > <value> > > PATTERN_TYPE_APACHE_ANT > > /admin/*=ROLE_ADMIN > > /userdata *=ROLE_ADMIN > > > > In security.xml > > > > But now if I copy this same url to some other browser then ideally it > should > take me to login screen but it is not happening it takes me to the same > screen > > > > Please help. > > > > Thanx n Regards > > Anshu > > > > > -- View this message in context: http://www.nabble.com/security-concern-tp18273542s2369p18304488.html Sent from the AppFuse - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
