<p>There are at least 4 different ways:</p>

<h2>Spring Security XML configuration</h2>

<p>This is the easiest way.</p>

<pre><code>&lt;security:http auto-config="true" use-expressions="true" ...&gt;
    ...
    &lt;security:intercept-url pattern="/forAll/**" access="permitAll" /&gt;
    &lt;security:intercept-url pattern="/**" access="isAuthenticated()" /&gt;
&lt;/security:http&gt;
</code></pre>

<ul>
<li>@see <a href="http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#el-common-built-in" rel="noreferrer">Spring Security Reference, Chapter 16.1.1 Common Built-In Expressions</a></li>
<li>@see <a href="http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#el-access-web" rel="noreferrer">Spring Security Reference, Chapter 16.2 Web Security Expressions</a></li>
</ul>

<h2>Per @Secured Annotation</h2>

<p>Requires <code>&lt;global-method-security secured-annotations="enabled" /&gt;</code>.</p>

<pre><code>@Secured("ROLE_ADMIN")
@RequestMapping(params = "onlyForAdmins")
public ModelAndView onlyForAdmins() {
    ....
}
</code></pre>

<h2>Per @PreAuthorize Annotation</h2>

<p>Requires <code>&lt;global-method-security pre-post-annotations="enabled" /&gt;</code>.</p>

<pre><code>@PreAuthorize("isAuthenticated()")
@RequestMapping(params = "onlyForAuthenticated")
public ModelAndView onlyForAuthenticatedUsers() {
    ....
}
</code></pre>

<h2>Programmatic</h2>

<pre><code>SecurityContextHolder.getContext().getAuthentication() != null
    &amp;&amp; SecurityContextHolder.getContext().getAuthentication().isAuthenticated()
    // when Anonymous Authentication is enabled
    &amp;&amp; !(SecurityContextHolder.getContext().getAuthentication() instanceof AnonymousAuthenticationToken)
</code></pre>

<hr>

<h2>Custom Expression</h2>

<p>If the built-in expressions are not enough, you can extend them. How to extend the SpEL expressions for the method annotations is discussed for example here:</p>

<ul>
<li><a href="https://stackoverflow.com/questions/6632982/how-to-create-custom-methods-for-use-in-spring-security-expression-language-anno">How to create custom methods for use in spring security expression language annotations</a></li>
<li><a href="http://bmchild.blogspot.de/2012/02/creating-custom-regex-spring-security.html" rel="noreferrer">http://bmchild.blogspot.de/2012/02/creating-custom-regex-spring-security.html</a></li>
</ul>

<p>But for the interceptor <code>&lt;security:intercept-url ... access="myCustomAuthenticatedExpression" /&gt;</code> there is a slightly different approach possible, that does not need to deal with the private class problem. -- <em>I have only done it for Spring Security 3.0, but I hope it works for 3.1 too.</em></p>

<p>1.) You need to create a new class that extends from <code>WebSecurityExpressionRoot</code> (the prefix Web is the important part!).</p>

<pre><code>public class MyCustomWebSecurityExpressionRoot extends WebSecurityExpressionRoot {

    public MyCustomWebSecurityExpressionRoot(Authentication a, FilterInvocation f) {
        super(a, f);
    }

    /** That method is the one that does the expression evaluation! */
    public boolean myCustomAuthenticatedExpression() {
        // getAttribute replaces the deprecated HttpSession#getValue; same lookup
        return super.request.getSession().getAttribute("myFlag") != null;
    }
}
</code></pre>

<p>2.) You need to extend the <code>DefaultWebSecurityExpressionHandler</code> to have a handler that provides your custom expression root.</p>

<pre><code>public class MyCustomWebSecurityExpressionHandler extends DefaultWebSecurityExpressionHandler {

    @Override
    public EvaluationContext createEvaluationContext(Authentication a, FilterInvocation f) {
        StandardEvaluationContext ctx = (StandardEvaluationContext) super.createEvaluationContext(a, f);
        WebSecurityExpressionRoot myRoot = new MyCustomWebSecurityExpressionRoot(a, f);
        ctx.setRootObject(myRoot);
        return ctx;
    }
}
</code></pre>

<p>3.) Then you need to register your handler with the voters.</p>

<pre><code>&lt;security:http use-expressions="true" access-decision-manager-ref="httpAccessDecisionManager" ...&gt;
    ...
    &lt;security:intercept-url pattern="/restricted/**" access="myCustomAuthenticatedExpression" /&gt;
    ...
&lt;/security:http&gt;

&lt;bean id="httpAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"&gt;
    &lt;constructor-arg name="decisionVoters"&gt;
        &lt;list&gt;
            &lt;ref bean="webExpressionVoter" /&gt;
        &lt;/list&gt;
    &lt;/constructor-arg&gt;
&lt;/bean&gt;

&lt;bean id="webExpressionVoter" class="org.springframework.security.web.access.expression.WebExpressionVoter"&gt;
    &lt;property name="expressionHandler" ref="myCustomWebSecurityExpressionHandler" /&gt;
&lt;/bean&gt;

&lt;bean id="myCustomWebSecurityExpressionHandler" class="MyCustomWebSecurityExpressionHandler" /&gt;
</code></pre>

<p><strong>Spring Security 3.1 Update</strong></p>

<p>Since Spring Security 3.1 it is a bit easier to implement a custom expression. One no longer needs to subclass <code>WebSecurityExpressionHandler</code> and override <code>createEvaluationContext</code>. Instead one subclasses <code>AbstractSecurityExpressionHandler&lt;FilterInvocation&gt;</code> or its subclass <code>DefaultWebSecurityExpressionHandler</code> and overrides <code>SecurityExpressionOperations createSecurityExpressionRoot(final Authentication a, final FilterInvocation f)</code>.</p>

<pre><code>public class MyCustomWebSecurityExpressionHandler extends DefaultWebSecurityExpressionHandler {

    @Override
    public SecurityExpressionOperations createSecurityExpressionRoot(
            Authentication a, FilterInvocation f) {
        WebSecurityExpressionRoot myRoot = new MyCustomWebSecurityExpressionRoot(a, f);
        myRoot.setPermissionEvaluator(getPermissionEvaluator());
        // the base class keeps its trustResolver private, so supply our own instance
        myRoot.setTrustResolver(new AuthenticationTrustResolverImpl());
        myRoot.setRoleHierarchy(getRoleHierarchy());
        return myRoot;
    }
}
</code></pre>
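A custom web expression root like the one above can be exercised outside a running container before it is wired into the `intercept-url` rules. The following JUnit 4 test is an added example, not part of the answer; it assumes `MyCustomWebSecurityExpressionRoot` from the answer is on the classpath together with `spring-test` and `spring-security-core`, and it checks that access is denied unless the session carries the `myFlag` attribute.

```java
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

import org.junit.Test;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;

// Added test for the answer's custom expression root (hypothetical test class name).
public class MyCustomWebSecurityExpressionRootTest {

    // Wraps a mock request in the FilterInvocation the expression root is evaluated against.
    private static FilterInvocation invocationFor(MockHttpServletRequest request) {
        return new FilterInvocation(request, new MockHttpServletResponse(), new MockFilterChain());
    }

    // Constructed sample principal; roles do not matter for this expression.
    private static Authentication sampleUser() {
        return new TestingAuthenticationToken("alice", "n/a", "ROLE_USER");
    }

    @Test
    public void deniesWhenSessionFlagIsMissing() {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", "/restricted/report");

        MyCustomWebSecurityExpressionRoot root =
                new MyCustomWebSecurityExpressionRoot(sampleUser(), invocationFor(request));

        // A freshly created session has no "myFlag" attribute, so the expression is false.
        assertFalse(root.myCustomAuthenticatedExpression());
    }

    @Test
    public void grantsWhenSessionFlagIsPresent() {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", "/restricted/report");
        // Simulate whatever earlier step in the application sets the flag.
        request.getSession(true).setAttribute("myFlag", Boolean.TRUE);

        MyCustomWebSecurityExpressionRoot root =
                new MyCustomWebSecurityExpressionRoot(sampleUser(), invocationFor(request));

        assertTrue(root.myCustomAuthenticatedExpression());
    }
}
```

The same two cases can be driven through `MyCustomWebSecurityExpressionHandler` by parsing `"myCustomAuthenticatedExpression"` with its expression parser and evaluating it against `createEvaluationContext(...)`, which also verifies that the handler really installs the custom root.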