Showing results for 
Search instead for 
Did you mean: 

Spring Security Intercept patterns for the encoded Url Sitename

Former Member
0 Kudos

Hello experts,

We have one storefront and multiple site Architecture of hybris.

We have a requirement where we need to have a separate authorization for different site URLS.we are trying to leverage the spring intercept-url patterns and site name added in url (endcoding attribute)for it. our sample url entry looks like ;

  <security:intercept-url pattern="/site1/cart" access="hasAnyRole('ROLE_SITE1GROUP')" requires-channel="https" />

OOTB Hybris adds encoding attributes for site,Currency and language and if we add site in our security patterns it is not considered.

Any idea if someone has done this before or know how can we include site in intercept patterns.Kindly help.

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Got the answer to my question above.This will not work as hybris filter is adding the sitname/currency/language as part of the contextpath see below code from class : UrlEncodeHttpRequestWrapper

     public String getContextPath()
             return super.getContextPath() + "/" + pattern;

so getContextpath() will include our sitename.

Spring will ignore anything that is part of conextpath hence it will never filter based on the sitename.

Former Member
0 Kudos

Hi Sagar,

Go through this link once.... it may help you I hope... link text

Best Regards, JSP.