I have the following definition...
<bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
<property name="objectDefinitionSource">
<sec:filter-invocation-definition-source >
<sec:intercept-url pattern="/secure/css/**" access="ROLE_TIER0"/>
<sec:intercept-url pattern="/secure/images/**" access="ROLE_TIER0"/>
<sec:intercept-url pattern="/**" access="ROLE_TIER0"/>
</sec:filter-invocation-definition-source>
</property>
</bean>
I'd like to have the resources on this url...
"/nonSecure/**"
Open to all calls, i.e. no security around it.
I've tried adding ...
<sec:intercept-url pattern="/nonsecure/**" access="permitAll" />
But this causes Websphere to throw an error about
Unsupported configuration attributes: [permitAll]
Can anyone tell me how to exclude this URL from security?
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…