Win a copy of Real-World Software Development: A Project-Driven Guide to Fundamentals in Java this week in the Agile and Other Processes forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Liutauras Vilda
  • Knute Snortum
  • Bear Bibeault
Sheriffs:
  • Devaka Cooray
  • Jeanne Boyarsky
  • Junilu Lacar
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • salvin francis
Bartenders:
  • Tim Holloway
  • Piet Souris
  • Frits Walraven

Spring security framework with fine grained permissions

 
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How to implement Spring security framework with fine grained permissions?
Working with Eclipse/Tomcat;
Are there any recommended examples around?


Regards
 
ranger
Posts: 17344
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Imre Tokai wrote:How to implement Spring security framework with fine grained permissions?
Working with Eclipse/Tomcat;
Are there any recommended examples around?


Regards



What do you mean by fine grained?

Mark
 
Imre Tokai
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here is an example of the idea:
Fine Grained Permissions

How to implement this via Spring security framework? Is there any other idea?

When this module is ready, i want to integrate it to Struts web-application.

This is what i collected so far:
Struts + Spring

Spring Example

Looking forward for your guidelines on this complex issue!


Regards
 
Mark Spritzler
ranger
Posts: 17344
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ah, you mean role-based permissions.

Yes, Spring Security authorization is completely based on role-based permission. It is built in and you have to have it, so it isn't a complex issue at all.

When you define your UserDetailsService you point to where you get the user ad role data and Spring does the rest.

To secure a URL, you use a spring configuration file and define <url-intercept> tags where youd efine the url and the Role the user must have to access that url.

Check out the Spring Security documentation for more.

Mark
 
Imre Tokai
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for you answers, Mark!


Precisely, belove is what i need: check Converting to Permission-Based Security in the pdf, please.
http://greybeardedgeek.net/wordpress/wp-content/uploads/2009/03/spring-security-whitepaper.pdf

There is an example, that i plan to rework, on
http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html?page=1#resources

Haven't used Spring inside of Struts yet, so any guidelines are welcome! I suppose that i can put all together with my Struts app using web.xml


Regards
 
Imre Tokai
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So far, i have been able to set ROLE based permission;

Application Context:



Database:


How to convert attched applicationContext-acegi-security.xml to support fine grained permissions? PERM_?


Regards
 
Mark Spritzler
ranger
Posts: 17344
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First off based on that long xml file, it looks like you aren't using the Spring Security namespace and making it not need all those filter declaration.

If you just add the DelegatingFilterProxy in your web.xml

then you security xml using the security namespace would be something like this



Much simpler.

Mark
 
Imre Tokai
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for persistent help, Mark!


Can you post a simple working example of applicationContext.xml and web.xml that regards your approach, please?
I've found a lot around on the web, but still struggling to put all together...


Regards
 
The overall mission is to change the world. When you've done that, then you can read this tiny ad:
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!