eztam :
I want to allow only requests from localhost for a specific URL pattern. I tried this so far:
<sec:intercept-url pattern="/blabla/**" access="hasIpAddress('127.0.0.1')" />
But this isn't working and I got the following statement in the log output:
Access is denied (user is anonymous); redirecting to authentication entry point
So my question is, how do I allow anonymous user access from localhost only?
davrog10 :
Is it possible to express this and() relation in XML based configuration?
As per documentation here https://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html below should work.
Here we have defined that the “blabla” area of an application (defined by the URL pattern) should only be available to anonymous users whose IP address matches 127.0.0.1.
<sec:intercept-url pattern="/blabla/**"
access="isAnonymous() and hasIpAddress('127.0.0.1')"/>