This week's book giveaway is in the Game Development forum.
We're giving away four copies of Badass: Making Users Awesome and have Kathy Sierra on-line!
See this thread for details.
The moose likes Spring and the fly likes Toggling spring security on/off at runtime Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Badass: Making Users Awesome this week in the Game Development forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Toggling spring security on/off at runtime" Watch "Toggling spring security on/off at runtime" New topic

Toggling spring security on/off at runtime

Tapio Niemela
Ranch Hand

Joined: Jan 06, 2006
Posts: 77

I've been struggling configuring spring security for too many hours. What I'm trying to accomplish is that authentication process could be toggled on/off at runtime. My idea was that I could extend FilterSecurityInterceptor and override it's doFilter-method to check whether authentication is "enabled"..(yes I know security shouldn't probably be toggled on/off at runtime..)

However, I'm in trouble figuring out how security namespace and "traditional" bean configurations mix..Or do they mix at all?

I've tried to provide bean with id 'filterSecurityInterceptor'. As far as I'm concerned this is the way it should be, right? I mean that those security namespace auto-created beans should/could be overriden in spring.xml with specific id, sort of callback...Or are I'm lost here? Anyhow if that's not the case, I can give custom-filter in position 'FilterSecurityInterceptor' to http-element. But that doesn't seem to work either...filterSecurityInterceptor requires something called 'securityMetadataSource' which in turns seems to be related to sec:http-element / intercept-url -mapping..However, If I don't use security namespace config, do I really need to make all bean definitions by hand? That doesn't sound right either..

big thanks in advance for all replies
I agree. Here's the link:
subject: Toggling spring security on/off at runtime