Home/ Questions/Q 7854823
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T20:11:57+00:00

<security:intercept-url pattern=/person/** access=isAuthenticated() /> <security:intercept-url pattern=/person?reg access=isAnonymous() /> I want for filter to intercept

  • 0
    <security:intercept-url pattern="/person/**" 
        access="isAuthenticated()" />   


    <security:intercept-url pattern="/person?reg"
        access="isAnonymous()" />

I want for filter to intercept all of the requests that are /person/blabla etc.
But there should be a single one available to anonymous users to register themself.

Whenever I introduce the first rule all sub requests are protected including the bottom one which is not what is required.

If I don’t introduce first then the bottom request is allowed, but also all subsequent requests such as /person/myProfile can be accessed by anonymous user.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    From the Spring Security docs:

    You can use multiple elements to define different access requirements for different sets of URLs, but they will be evaluated in the order listed and the first match will be used. So you must put the most specific matches at the top.

    Also, spring uses ant-style pattern matching by default, which doesn’t include the parameters when trying to make a match. You’re wanting to also match on whether or not a parameter exists. In order to do that, you’re going to need to set regex matching via the request-matcher attribute on http.

    <http request-matcher="regex">
  <security:intercept-url pattern="\A/person\?reg.*\Z" access="isAnonymous()" />

  <security:intercept-url pattern="\A/person/.*\Z" access="isAuthenticated()" />
</http>
    • 0