How do you override the "isAuthenticated" method of SecurityExpressionRoot for an http definition?

Asked Apr 26 '15 at 21:44

Active Apr 26 '15 at 23:38

Viewed 867 times

Using Spring 3.2:

In my spring configuration, have defined a security http element like so:

<sec:http use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint" create-session="stateless" disable-url-rewriting="true">

and among the various sec:intercept-url elements defined inside this element, I also need to have one that looks like so:

<sec:intercept-url pattern="/**" access="isAuthenticated()"/>

However, I would like to overwrite the SecurityExpressionRoot.isAuthenticated() check to only enforce on a basis of whether the incoming requests are coming from a particular set of domains so that when a request comes from domain A, the isAuthenticated check of the super class isn't executed, and when the request comes from domain B, the isAuthenticated check of the super class is indeed executed.

Can anyone help me figure out how to override this?

edited Apr 26 '15 at 23:38

Reg Edit

5,712
1
29
41

asked Apr 26 '15 at 21:44

noisebelt

1

You can try to follow [this](http://stackoverflow.com/a/14142297/592355) to customize SecurityExpresionRoot ...or, when `access="isMyAuthenticated()"` is possible, ...try [this](http://stackoverflow.com/a/6634438/592355) – xerx593 Apr 28 '15 at 19:28

How do you override the "isAuthenticated" method of SecurityExpressionRoot for an http definition?

0 Answers0