How to grant access for all authenticated users?
-
23-08-2019 - |
Question
Need to grant access to users without any role using Spring Security. Anyone how process authentication must be granted to access any URL. So can I do that by something like this or may be somehow else?
<http auto-config='true'>
<intercept-url pattern="/**" access="ALL" />
<intercept-url pattern="/login.jsp" filters="none" />
<form-login login-page="/login.jsp" />
</http>
Solution
you are probably looking for IS_AUTHENTICATED_FULLY or IS_AUTHENTICATED_REMEMBERED or IS_AUTHENTICATED_ANONYMOUSLY
also check http://www.acegisecurity.org/acegi-security/apidocs/org/acegisecurity/vote/AuthenticatedVoter.html
OTHER TIPS
Actually you just need to create your own AccessDecisionManager, and your own AccessDecisionVoter(s) and pass them into the block like this:
<http .... access-decsion-manager="myAccessManager">
.....
</http>
<bean id="myAccessManager" class="org.springframework.security.vote.AffirmativeBased">
<property name="decisionVoters">
<list>
<bean id="myVoter" class=[some subclass of AccessDecisionVoter] />
</list>
</property>
</bean>
This is not the 100% solution, but it should get you started on the right path. The "auto-config" setup in Spring Security creates a lot of these classes in the background, and automatically loads them if there are no other beans of the correct classes available.