1.

What is the intercept-url pattern and why do we need it?

Answer»

<intercept-url> is used to configure authorization (access control) in a Spring Security application. It restricts access to a particular URL. Most web applications using Spring Security have just a few intercept-url entries because their security needs are fairly simple.

Example: Basic Spring Security configuration using intercept-url

    <http realm="Example" use-expressions="false">
        <intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/admin/*" access="ROLE_ADMIN"/>
        <intercept-url pattern="/trade/*" access="ROLE_TRADER"/>
        <intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN,ROLE_TRADER"/>
        <http-basic/>
    </http>

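In this case, index.jsp and login.jsp can be accessed without authentication. Anything matching /admin/* requires ROLE_ADMIN access, and anything matching /trade/* requires ROLE_TRADER access. Every other URL falls through to the final /** rule, which requires one of ROLE_USER, ROLE_ADMIN or ROLE_TRADER.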
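An added example (not from the original page, and not Spring's own code): a simplified Python model of Ant-style matching with first-match-wins rule order, run over the five rules above with constructed request paths. It shows that /admin/* covers only one path segment, so a deeper path is decided by the /** rule unless the pattern is widened to /admin/**; ant_to_regex, required_access and WIDENED are names invented here.

```python
import re

# The page's rules, in declaration order (the first matching pattern decides).
RULES = [
    ("/index.jsp", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("/login.jsp*", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("/admin/*", "ROLE_ADMIN"),
    ("/trade/*", "ROLE_TRADER"),
    ("/**", "ROLE_USER,ROLE_ADMIN,ROLE_TRADER"),
]

def ant_to_regex(pattern):
    """Simplified Ant-style matching (an assumption-level model): '?' = one
    char, '*' = any run inside one path segment, '**' = any number of segments."""
    tail = ""
    if pattern.endswith("/**"):          # '/x/**' also matches '/x' itself
        pattern, tail = pattern[:-3], "(/.*)?"
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + tail)

def required_access(path, rules=RULES):
    """Return (pattern, access) of the first rule matching path, or None."""
    for pattern, access in rules:
        if ant_to_regex(pattern).fullmatch(path):
            return pattern, access
    return None

# Same rules with the two role-restricted patterns widened to '/**'.
WIDENED = [(p[:-1] + "**" if p in ("/admin/*", "/trade/*") else p, a)
           for p, a in RULES]

if __name__ == "__main__":
    # Constructed sample paths, not taken from the page.
    for path in ("/index.jsp", "/admin/users", "/admin/users/42", "/trade/orders/7"):
        print(path, "->", required_access(path),
              "| widened:", required_access(path, WIDENED))
```

Reviewing a configuration this way, by listing which rule decides each real endpoint, catches paths that land on the catch-all rule instead of the role-specific one.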


