Imre Tokai wrote:How to implement Spring security framework with fine grained permissions?
Working with Eclipse/Tomcat;
Are there any recommended examples around?
Yes, Spring Security authorization is completely based on role-based permission. It is built in and you have to have it, so it isn't a complex issue at all.
When you define your UserDetailsService you point to where you get the user ad role data and Spring does the rest.
To secure a URL, you use a spring configuration file and define <url-intercept> tags where youd efine the url and the Role the user must have to access that url.
Check out the Spring Security documentation for more.
First off based on that long xml file, it looks like you aren't using the Spring Security namespace and making it not need all those filter declaration.
If you just add the DelegatingFilterProxy in your web.xml
then you security xml using the security namespace would be something like this
Can you post a simple working example of applicationContext.xml and web.xml that regards your approach, please?
I've found a lot around on the web, but still struggling to put all together...
Regards
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.