dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #34861
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 17885: Basic auth security, adding /account filters so that user invitations work
------------------------------------------------------------
revno: 17885
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Mon 2015-01-05 16:53:54 +0100
message:
Basic auth security, adding /account filters so that user invitations work
modified:
dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2015-01-02 13:41:49 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2015-01-05 15:53:54 +0000
@@ -40,6 +40,11 @@
<sec:custom-filter ref="automaticAccessFilter" before="LOGOUT_FILTER" />
<!-- <sec:custom-filter ref="corsFilter" before="BASIC_AUTH_FILTER" /> -->
+ <sec:intercept-url pattern="/api/account/username" access="permitAll()" />
+ <sec:intercept-url pattern="/api/account/recovery" access="permitAll()" />
+ <sec:intercept-url pattern="/api/account/restore" access="permitAll()" />
+ <sec:intercept-url pattern="/api/account/password" access="permitAll()" />
+ <sec:intercept-url pattern="/api/account" access="permitAll()" />
<sec:intercept-url pattern="/api/**" access="isAuthenticated()" />
</sec:http>
