How to force unauthenticated users to a loging page in Grails / Spring Security Plug-in
I think I'm missing a very obvious solution here, but I'll ask anyway. I've got a grails application that uses the Spring Security Plugin for my AAS. I want to start doing daily build and deploys of the application using Hudson onto a test server (running Apache2/Tomcat6) as the ROOT application. When the application goes live, anonymous users will be able to access the site, along with registered users. However, during the testing/development phase I want to restrict users to those who have been invited.
I've created logic to generate an invitation code, and a temporary "login / registration on invite" view to be used during this dev/test phase. Currently I'm using a filter to redirect any non-logged in users to tha开发者_JS百科t view. The problem is the filter is catching any request, so any additional applications (IE Bugzilla), URL's that would normally invoke a 404, etc are also being filtered, and the user is redirected to that same login page, even if they are already authenticated.
I had opted to go the filter route, instead of modifications to Spring Security settings, since this process is only a temporary solution, and I feel it will be much easier to remove at a later date. Is this a good Idea or is really not worth the hassle? What is the proper way to force only users of the application to log-in, but ignore requests to other URLs?
The problem doesn't seem to be in your web-app, hence not in Spring Security. It is probably in the Tomcat or Apache settings. If set up correctly, the request to other context path should never have hit your ROOT web-app in the first place.
精彩评论