Win a copy of Learn Spring Security (video course) this week in the Spring forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Extract security configurations from web.xml to external tool? How to?

 
Stanley Walker
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HI,

My question is how do i avoid mentioning authorization parameters in deployment descriptors, eg how do i perform authorization checks without mentioning security role, security constraints? is there any way in which i can extract the security configurations done in web.xml and configure the same in some tool?
The reason i want to do that are:

1. in a typical application there may be close to 200 url patterns, and multiple security roles. It becomes a very difficult task to rely only on the web.xml parameters.
2. i would also like the capability to alter role access mappings without making any changes in the applications. eg. customer role has access to /Buy.jsp , i also want to grant access to dealer role to /buy.jsp or may be even prevent customer role from accessing /buy.jsp
3. i also do not want to rely heavily on programmatic security because it may end up causing code changes eg: isUserInRole('CUSTOMER') may be required to change to isUserInRole('CUSTOMER')||isUserInRole('DEALER')

Are there any tools available in the market which can meet my needs?

Any help in this matter will be greatly appreciated.
 
manjesh ipp
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Take a look at Apache product
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic