Problems with Spring Security

Asked

Viewed 233 times

0

Hello, everyone. I am creating a project using Java EE and as an IDE I am using Eclipse.

In this project, I am using Spring Security to authenticate the login procedure. Only this happens: I created a xhtml page to register new users. Obviously, who accesses this page has no registration, because it is entering this page exactly to create a new register.

In this part, Spring Security serves to prevent users from accessing the internal system pages directly. When someone tries to access an internal page without going through the login screen, Spring automatically redirects the user to the default page. But I want to remove this restriction ONLY FOR THE USERS REGISTRATION PAGE so that any user can access the registration page even without logging in.

Would anyone know any method to perform this procedure?

I’m posting the contents of the file applicationcontext.xml of my project. I believe it is in this file that it is necessary to make some change.

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <beans:bean id="appUserDetailsService"
        class="com.sisRastrbov.security.AppUserDetailsService" />

    <http pattern="/Login.xhtml" security="none" />
    <http pattern="/Erro.xhtml" security="none" />
    <http pattern="/Main.xhtml" security="none" />
    <http pattern="/javax.faces.resource/**" security="none" />

    <http auto-config="false" use-expressions="true">
        <intercept-url pattern="/gado/**" access="hasAnyRole('ADMINISTRADORES')" />
        <intercept-url pattern="/usuario/**" access="hasAnyRole('ADMINISTRADORES','FUNCIONARIOS')" />
        <intercept-url pattern="/tag/**" access="hasAnyRole('ADMINISTRADORES','FUNCIONARIOS')" />
        <intercept-url pattern="/propriedade/**" access="hasAnyRole('ADMINISTRADORES','FUNCIONARIOS')" />
        <intercept-url pattern="/MinhasProp.xhtml" access="hasAnyRole('ADMINISTRADORES','FUNCIONARIOS')" />
        <intercept-url pattern="/area/**" access="hasAnyRole('ADMINISTRADORES','FUNCIONARIOS')" />
        <intercept-url pattern="/Home.xhtml" access="isAuthenticated()" />
        <intercept-url pattern="/Main.xhtml" access="isAuthenticated()" />

        <intercept-url pattern="/**" access="denyAll" />

        <form-login login-page="/Main.xhtml" default-target-url="/Home.xhtml" always-use-default-target="true" authentication-failure-url="/Main.xhtml?invalid=true"/>
        <logout logout-url="/j_spring_security_logout" invalidate-session="true"/>
    </http>


    <authentication-manager>
        <authentication-provider user-service-ref="appUserDetailsService">
            <!-- <password-encoder hash=""/> -->
        </authentication-provider>
    </authentication-manager>

</beans:beans>

Thank you all for posting any reply or suggestion.

java spring-security

1 answer

0

To allow any user to access a specific page you must add the following line:

<intercept-url pattern="/cadastro" access="permitAll"/>

But you have to add after:

<intercept-url pattern="/**" access="denyAll" />

Browser other questions tagged java spring-security

You are not signed in. Login or sign up in order to post.