GeeCON Prague 2014*
The moose likes Spring and the fly likes Spring security framework with fine grained permissions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring security framework with fine grained permissions" Watch "Spring security framework with fine grained permissions" New topic
Author

Spring security framework with fine grained permissions

Imre Tokai
Ranch Hand

Joined: Jun 04, 2008
Posts: 130
How to implement Spring security framework with fine grained permissions?
Working with Eclipse/Tomcat;
Are there any recommended examples around?


Regards
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17250
    
    6

Imre Tokai wrote:How to implement Spring security framework with fine grained permissions?
Working with Eclipse/Tomcat;
Are there any recommended examples around?


Regards


What do you mean by fine grained?

Mark


Perfect World Programming, LLC - Two Laptop Bag - Tube Organizer
How to Ask Questions the Smart Way FAQ
Imre Tokai
Ranch Hand

Joined: Jun 04, 2008
Posts: 130
Here is an example of the idea:
Fine Grained Permissions

How to implement this via Spring security framework? Is there any other idea?

When this module is ready, i want to integrate it to Struts web-application.

This is what i collected so far:
Struts + Spring

Spring Example

Looking forward for your guidelines on this complex issue!


Regards
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17250
    
    6

Ah, you mean role-based permissions.

Yes, Spring Security authorization is completely based on role-based permission. It is built in and you have to have it, so it isn't a complex issue at all.

When you define your UserDetailsService you point to where you get the user ad role data and Spring does the rest.

To secure a URL, you use a spring configuration file and define <url-intercept> tags where youd efine the url and the Role the user must have to access that url.

Check out the Spring Security documentation for more.

Mark
Imre Tokai
Ranch Hand

Joined: Jun 04, 2008
Posts: 130
Thank you for you answers, Mark!


Precisely, belove is what i need: check Converting to Permission-Based Security in the pdf, please.
http://greybeardedgeek.net/wordpress/wp-content/uploads/2009/03/spring-security-whitepaper.pdf

There is an example, that i plan to rework, on
http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html?page=1#resources

Haven't used Spring inside of Struts yet, so any guidelines are welcome! I suppose that i can put all together with my Struts app using web.xml


Regards
Imre Tokai
Ranch Hand

Joined: Jun 04, 2008
Posts: 130
So far, i have been able to set ROLE based permission;

Application Context:



Database:


How to convert attched applicationContext-acegi-security.xml to support fine grained permissions? PERM_?


Regards
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17250
    
    6

First off based on that long xml file, it looks like you aren't using the Spring Security namespace and making it not need all those filter declaration.

If you just add the DelegatingFilterProxy in your web.xml

then you security xml using the security namespace would be something like this



Much simpler.

Mark
Imre Tokai
Ranch Hand

Joined: Jun 04, 2008
Posts: 130
Thanks for persistent help, Mark!


Can you post a simple working example of applicationContext.xml and web.xml that regards your approach, please?
I've found a lot around on the web, but still struggling to put all together...


Regards
 
GeeCON Prague 2014
 
subject: Spring security framework with fine grained permissions