Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Spring security framework with fine grained permissions

 
Imre Tokai
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How to implement Spring security framework with fine grained permissions?
Working with Eclipse/Tomcat;
Are there any recommended examples around?


Regards
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Imre Tokai wrote:How to implement Spring security framework with fine grained permissions?
Working with Eclipse/Tomcat;
Are there any recommended examples around?


Regards


What do you mean by fine grained?

Mark
 
Imre Tokai
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here is an example of the idea:
Fine Grained Permissions

How to implement this via Spring security framework? Is there any other idea?

When this module is ready, i want to integrate it to Struts web-application.

This is what i collected so far:
Struts + Spring

Spring Example

Looking forward for your guidelines on this complex issue!


Regards
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ah, you mean role-based permissions.

Yes, Spring Security authorization is completely based on role-based permission. It is built in and you have to have it, so it isn't a complex issue at all.

When you define your UserDetailsService you point to where you get the user ad role data and Spring does the rest.

To secure a URL, you use a spring configuration file and define <url-intercept> tags where youd efine the url and the Role the user must have to access that url.

Check out the Spring Security documentation for more.

Mark
 
Imre Tokai
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for you answers, Mark!


Precisely, belove is what i need: check Converting to Permission-Based Security in the pdf, please.
http://greybeardedgeek.net/wordpress/wp-content/uploads/2009/03/spring-security-whitepaper.pdf

There is an example, that i plan to rework, on
http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html?page=1#resources

Haven't used Spring inside of Struts yet, so any guidelines are welcome! I suppose that i can put all together with my Struts app using web.xml


Regards
 
Imre Tokai
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So far, i have been able to set ROLE based permission;

Application Context:



Database:


How to convert attched applicationContext-acegi-security.xml to support fine grained permissions? PERM_?


Regards
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First off based on that long xml file, it looks like you aren't using the Spring Security namespace and making it not need all those filter declaration.

If you just add the DelegatingFilterProxy in your web.xml

then you security xml using the security namespace would be something like this



Much simpler.

Mark
 
Imre Tokai
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for persistent help, Mark!


Can you post a simple working example of applicationContext.xml and web.xml that regards your approach, please?
I've found a lot around on the web, but still struggling to put all together...


Regards
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic