#4 #5 #6

README.md

@@ -2,3 +2,17 @@ coffee_req
 ==========
 
 appengine app to order coffee - ShipIt !
+
+
+IF you want to secure static resources, such as HTML files, the way to do this using Spring MVC is to put them in directory A, and to
+map this location to path B. Then, using Spring Security, path B can be "secured".
+If resources are in path A and SS secures the same path, then when a user tries to reach a resource from the browser, it "confises" spring 
+so the resource is not secured and the resource can be seen.
+
+	<mvc:resources mapping="/secured/**" location="/secured_resources/" />
+
+	<sec:http authentication-manager-ref="authenticationManager">
+	    <sec:intercept-url pattern="/secured/**" access="ROLE_USER" />
+
+
+If you want to secure JSP - this is wasy since it is not "static" resource.

coffee-req/src/main/webapp/WEB-INF/spring-servlet.xml

@@ -27,7 +27,10 @@
 	<sec:debug />
 	 -->
 
+	 <!-- if I want to secure HTMLs, I put them in 'secured_resources', and map it to
+	 'secured', where 'secured' is secured (in http) - ->
 	 <mvc:resources mapping="/secured/**" location="/secured_resources/" />
+	 -->
 
 
 	<sec:http pattern="/login/**" security="none" />
@@ -38,6 +41,7 @@
 
 	<sec:http authentication-manager-ref="authenticationManager">
 	    <sec:intercept-url pattern="/secured/**" access="ROLE_USER" />
+
 		<sec:anonymous />
 
 		<sec:form-login login-page="/login/login.htm"