wood burning stoves 2.0*
The moose likes Spring and the fly likes Toggling spring security on/off at runtime Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Toggling spring security on/off at runtime" Watch "Toggling spring security on/off at runtime" New topic
Author

Toggling spring security on/off at runtime

Tapio Niemela
Ranch Hand

Joined: Jan 06, 2006
Posts: 77
hello,

I've been struggling configuring spring security for too many hours. What I'm trying to accomplish is that authentication process could be toggled on/off at runtime. My idea was that I could extend FilterSecurityInterceptor and override it's doFilter-method to check whether authentication is "enabled"..(yes I know security shouldn't probably be toggled on/off at runtime..)

However, I'm in trouble figuring out how security namespace and "traditional" bean configurations mix..Or do they mix at all?

I've tried to provide bean with id 'filterSecurityInterceptor'. As far as I'm concerned this is the way it should be, right? I mean that those security namespace auto-created beans should/could be overriden in spring.xml with specific id, sort of callback...Or are I'm lost here? Anyhow if that's not the case, I can give custom-filter in position 'FilterSecurityInterceptor' to http-element. But that doesn't seem to work either...filterSecurityInterceptor requires something called 'securityMetadataSource' which in turns seems to be related to sec:http-element / intercept-url -mapping..However, If I don't use security namespace config, do I really need to make all bean definitions by hand? That doesn't sound right either..



big thanks in advance for all replies
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Toggling spring security on/off at runtime
 
Similar Threads
Spring Security: Authorization with out Authentication
Struggling with Acegi authentication....
“j_spring_security_check” not found after configuring spring security without http namespace
No AuthenticationEntryPoint could be established
AccessDeniedExceptionHandler handle method never called