java - How can I allow GET requests without authentication but secure other HTTP methods? -


i've created webservice spring roo , added spring security project. works fine far want allow access entities information via http requests without authentication. other http methods post, put etc. should stay secure.

my applicationcontext-security.xml looks following when http on "/releaseupdates/" "accept: application/json" header returns login page (i think spring security redirects login page internally):

 <http auto-config="true" use-expressions="true">         <form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />         <logout logout-url="/resources/j_spring_security_logout" />         <!-- configure these elements secure uris in application -->         <intercept-url pattern="/releaseupdates/**" access="permitall" method="get" />         <intercept-url pattern="/releaseupdates/**" access="hasrole('role_admin')" method="post" />         <intercept-url pattern="/releaseupdatestatuses/**" access="hasrole('role_admin')"/>         <intercept-url pattern="/choices/**" access="hasrole('role_admin')" />         <intercept-url pattern="/member/**" access="isauthenticated()" />         <intercept-url pattern="/resources/**" access="permitall" />         <intercept-url pattern="/login/**" access="permitall" />         <intercept-url pattern="/**" access="isauthenticated()" /> </http>

there annotation @preauthorize friend here. annotation @ class or method level on controllers.

here's example:

@controller @requestmapping("/releaseupdates") public class releaseupdatecontroller {     @requestmapping(method=requestmethod.get)    public string unprotectedgetrequest() {       //do something, no protection    }     @preauthorize("hasrole('role_admin')")    @requestmapping(method=requestmethod.post)    public string securepostrequest() {       //do something, secured    }  }

Comments

Post a Comment

Popular posts from this blog

Magento/PHP - Get phones on all members in a customer group -

i working on custom magento extension. working around adminhtml part , i've created custom form there. here form code: <?php class vivasindustries_smsnotification_block_adminhtml_sms_sendmass_edit_form extends mage_adminhtml_block_widget_form { public function _preparelayout() { $extensionpath = mage::getmoduledir('js', 'vivasindustries_smsnotification'); $head = $this->getlayout()->getblock('head'); $head->addjs('jquery.js'); $head->addjs('vivas.js'); return parent::_preparelayout(); } protected function _prepareform() { $form = new varien_data_form(array( 'id' => 'edit_form', 'action' => $this->geturl('*/*/save', array('id' => $this->getrequest()->get...
Read more

php - Bypass Geo Redirect for specific directories -

i'm trying bypass redirect specific url within site. wondering if might able help. the code below code use, original urls replaces example.com i'd able access http://example.com/admin without redirect occuring. is there way this, , there way using own ip? function country_geo_redirect() { $country = getenv('http_geoip_country_code'); if ($country == "us" ) { wp_redirect("http://usa.example.com/"); exit; } else if ($country == "gb" ) { wp_redirect("http://uk.example.com/"); exit; } } add_action('init', 'country_geo_redirect'); you can bypass redirection code if server found ip address. if ip address == <my ip address> ' nothing here else country_georedirect() end if
Read more

php - .htaccess mod_rewrite for dynamic url which has domain names -

i want convert url ex:( example.com/link.php?url=facebook.com ) ( example.com/facebook.com.php ) how can using .htaccess. or there other process make job easier ? i tried adding script .htaccess file options +followsymlinks rewriteengine on rewriterule url-(.*)\.htm$ link.php?url=$1 but converting url adding "url-" ( example.com/url-facebook.com.php ) i want remove "url-" , want make ( example.com/facebook.com.php ) rewriteengine on rewritecond %{the_request} ^get.*link\.php\?url\= [nc] rewritecond %{request_uri} !/system/.* [nc] rewriterule (.*?)link\.php\?url\=/*(.*) /$1$2 [r=301,ne,l] not sure how above work edit of used use remove index.php url
Read more