Refined the url pattern for perform_login, remove permitAll (it's not needed, works either way)

2016-04-24 20:48:07 +01:00 · 2016-04-24 20:48:07 +01:00 · cddd15019c
parent c042617936
commit cddd15019c
2 changed files with 3 additions and 3 deletions
--- a/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
@ -39,7 +39,7 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
        .anyRequest().authenticated()
        .and()
        //.requiresChannel()
-        //.antMatchers("/login*", "/perform_log*").requiresSecure()
+        //.antMatchers("/login*", "/perform_login").requiresSecure()
        //.anyRequest().requiresInsecure()
        //.and()
        //.sessionManagement()
--- a/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml
+++ b/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml
@ -14,12 +14,12 @@
        <!--
        <intercept-url pattern="/anonymous*" access="isAnonymous()" requires-channel="http"/>
        <intercept-url pattern="/login*" access="permitAll" requires-channel="https"/>
-        <intercept-url pattern="/perform_log*" access="permitAll" requires-channel="https"/>
+        <intercept-url pattern="/perform_login" requires-channel="https"/>
        <intercept-url pattern="/**" access="isAuthenticated()" requires-channel="http"/>
        -->

        <csrf disabled="true"/>
-        
+
        <form-login login-page='/login.html' login-processing-url="/perform_login" default-target-url="/homepage.html" authentication-failure-url="/login.html?error=true"
            always-use-default-target="true"/>