Adding anonymous or guest access

As you have seen in my previous post the access to index.html was restricted. Whenever the user tries to access this page they were redirected to the login page. But this should not be case. The logical index.html page should be accessible to guest users as well as authenticated users.
Turning this on is just a matter of configuration. This is shown in the modified spring-security.xml file.

Listing 1 - spring.security.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<http auto-config='true'>
<intercept-url pattern="/index.html" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_USER" />
</http>


<authentication-manager>
<authentication-provider>
<user-service>
<user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="bob" password="bobspassword" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>


</beans:beans>

I have now added a new intercept url line.

<intercept-url pattern="/index.html" access="IS_AUTHENTICATED_ANONYMOUSLY" />

This line makes it possible to access index.html as a guest user. Now when you click on any link on the index.html page
you will redirected to the login page in case you have not signed in.

In my next post I will try to get into some theoritical details / framework internals before
proceeding to the next round of coding and adding additional features.