Problems with Spring Security

Navigation
0

Hello everyone. I'm creating a project using Java EE and as an IDE I'm using Eclipse.

In this project, I'm using Spring Security to authenticate the login procedure. But the following happens: I created an xhtml page to register new users. Obviously, anyone accessing this page does not have a registration, as it is entering this page exactly to create a new registration.

In this part, Spring Security is meant to prevent users from accessing the internal pages of the system directly. When someone tries to access some internal page without going through the login screen, Spring automatically redirects the user to the default page. But I want to remove this restriction ONLY FOR THE USER REGISTRATION PAGE so that any user can access the registration page even without logging in.

Would anyone know of any method to perform this procedure?

I'm posting the content of the applicationcontext.xml file in my project. I believe it is in this file that some change is necessary. 

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <beans:bean id="appUserDetailsService"
        class="com.sisRastrbov.security.AppUserDetailsService" />

    <http pattern="/Login.xhtml" security="none" />
    <http pattern="/Erro.xhtml" security="none" />
    <http pattern="/Main.xhtml" security="none" />
    <http pattern="/javax.faces.resource/**" security="none" />

    <http auto-config="false" use-expressions="true">
        <intercept-url pattern="/gado/**" access="hasAnyRole('ADMINISTRADORES')" />
        <intercept-url pattern="/usuario/**" access="hasAnyRole('ADMINISTRADORES','FUNCIONARIOS')" />
        <intercept-url pattern="/tag/**" access="hasAnyRole('ADMINISTRADORES','FUNCIONARIOS')" />
        <intercept-url pattern="/propriedade/**" access="hasAnyRole('ADMINISTRADORES','FUNCIONARIOS')" />
        <intercept-url pattern="/MinhasProp.xhtml" access="hasAnyRole('ADMINISTRADORES','FUNCIONARIOS')" />
        <intercept-url pattern="/area/**" access="hasAnyRole('ADMINISTRADORES','FUNCIONARIOS')" />
        <intercept-url pattern="/Home.xhtml" access="isAuthenticated()" />
        <intercept-url pattern="/Main.xhtml" access="isAuthenticated()" />

        <intercept-url pattern="/**" access="denyAll" />

        <form-login login-page="/Main.xhtml" default-target-url="/Home.xhtml" always-use-default-target="true" authentication-failure-url="/Main.xhtml?invalid=true"/>
        <logout logout-url="/j_spring_security_logout" invalidate-session="true"/>
    </http>


    <authentication-manager>
        <authentication-provider user-service-ref="appUserDetailsService">
            <!-- <password-encoder hash=""/> -->
        </authentication-provider>
    </authentication-manager>

</beans:beans>

Thank you all for posting any response or suggestion.

    
asked by anonymous 11.10.2016 / 02:14

1 answer

0

To allow any user to access a specific page you must add the following line: 

<intercept-url pattern="/cadastro" access="permitAll"/>

But you have to add after:

<intercept-url pattern="/**" access="denyAll" />

    
02.03.2017 / 20:13
Calling a function together with another displaying photos by Repeater with sql server Using split