We have one storefront and multiple site Architecture of hybris.
We have a requirement where we need to have a separate authorization for different site URLS.we are trying to leverage the spring intercept-url patterns and site name added in url (endcoding attribute)for it. our sample url entry looks like ;
<security:intercept-url pattern="/site1/cart" access="hasAnyRole('ROLE_SITE1GROUP')" requires-channel="https" />
OOTB Hybris adds encoding attributes for site,Currency and language and if we add site in our security patterns it is not considered.
Any idea if someone has done this before or know how can we include site in intercept patterns.Kindly help.
Got the answer to my question above.This will not work as hybris filter is adding the sitname/currency/language as part of the contextpath see below code from class : UrlEncodeHttpRequestWrapper
public String getContextPath()
return super.getContextPath() + "/" + pattern;
so getContextpath() will include our sitename.
Spring will ignore anything that is part of conextpath hence it will never filter based on the sitename.