Get Spring Security intercept urls from database or properties
<p>Hopefully this is super simple, exists, and I'm overlooking something right under my nose. I know that I can restrict access via annotations:</p>
<pre><code>@Secured({"ROLE_ADMIN"})
</code></pre>
<p>or via config:</p>
<pre><code>&lt;security:intercept-url pattern="/**" access="ROLE_USER, ROLE_ADMIN, ROLE_SUPER_USER" /&gt;
</code></pre>
<p>I would prefer to obtain authentication rules from a database, something like:</p>
<pre><code>&lt;security:intercept-url provider="authProvider"/&gt;

&lt;bean id="authProvider" class="AuthProviderImpl"&gt;
    &lt;property name="userDetailsService" ref="userDetailsService"/&gt;
&lt;/bean&gt;
</code></pre>
<p>Worst case scenario, there has to be a way to populate via a properties file, right?...</p>
<p><code>/admin/**=ROLE_ADMIN</code><br>
<code>/**=ROLE_USER</code></p>
<pre><code>&lt;security:intercept-url props="classpath:urls.properties"/&gt;
</code></pre>
<p>etc.</p>
<p>Please tell me this exists or my brain will explode!!! The Grails spring-security plugin ships with this out of the box so I know this has to exist. Please don't let my brain explode!!!</p>
<p>EDIT:</p>
<p>Figured it out...</p>
<p>You have to provide a custom <code>org.springframework.security.intercept.web.FilterSecurityInterceptor</code> and provide the <code>objectDefinitionSource</code>:</p>
<pre><code>&lt;bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor"&gt;
    &lt;security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" /&gt;
    &lt;property name="authenticationManager" ref="authenticationManager" /&gt;
    &lt;property name="accessDecisionManager" ref="accessDecisionManager" /&gt;
    &lt;property name="objectDefinitionSource"&gt;
        &lt;value&gt;
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /**login.html=IS_AUTHENTICATED_ANONYMOUSLY
            /user/**=ROLE_ADMIN
        &lt;/value&gt;
    &lt;/property&gt;
&lt;/bean&gt;
</code></pre>
<p>And I think I'm going to use a FactoryBean:</p>
<pre><code>import org.springframework.beans.factory.FactoryBean;

public class RequestMappingFactoryBean implements FactoryBean {

    private final static String EOL = System.getProperty("line.separator");

    // Builds the objectDefinitionSource text: two directive lines,
    // then one pattern=attributes rule per line.
    public Object getObject() throws Exception {
        StringBuilder sb = new StringBuilder();
        sb.append("CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON");
        sb.append(EOL);
        sb.append("PATTERN_TYPE_APACHE_ANT");
        sb.append(EOL);
        sb.append("/**login.html=IS_AUTHENTICATED_ANONYMOUSLY");
        sb.append(EOL);
        sb.append("/user/**=ROLE_ADMIN");
        return sb.toString();
    }

    @SuppressWarnings("unchecked")
    public Class getObjectType() {
        return String.class;
    }

    public boolean isSingleton() {
        return true;
    }
}
</code></pre>
<p>Pass it a DAO, etc.</p>
<pre><code>&lt;bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor"&gt;
    &lt;security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" /&gt;
    &lt;property name="authenticationManager" ref="authenticationManager" /&gt;
    &lt;property name="accessDecisionManager" ref="accessDecisionManager" /&gt;
    &lt;property name="objectDefinitionSource" ref="requestMappings" /&gt;
&lt;/bean&gt;

&lt;bean id="requestMappings" class="RequestMappingFactoryBean" /&gt;
</code></pre>
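An added example, not part of the original post: one way to build the `objectDefinitionSource` text from externally stored rules while keeping their order, since the first matching pattern decides access and `java.util.Properties` does not preserve file order. The class name `OrderedUrlRules`, its method and the sample input are hypothetical; the `pattern=ROLES` line shape is taken from the `urls.properties` lines in the question.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper (not part of Spring Security): turns ordered
// "pattern=ROLE_A,ROLE_B" lines into the objectDefinitionSource text.
public class OrderedUrlRules {
    private static final String EOL = System.getProperty("line.separator");

    public static String toDefinitionSource(Reader in) throws IOException {
        // LinkedHashMap keeps insertion order, so rules stay in file order.
        Map<String, String> rules = new LinkedHashMap<String, String>();
        BufferedReader reader = new BufferedReader(in);
        boolean catchAllSeen = false;
        String line;
        while ((line = reader.readLine()) != null) {
            line = line.trim();
            if (line.length() == 0 || line.startsWith("#")) continue;
            int eq = line.indexOf('=');
            if (eq <= 0 || eq == line.length() - 1)
                throw new IllegalArgumentException("Expected pattern=ROLES: " + line);
            String pattern = line.substring(0, eq).trim();
            String roles = line.substring(eq + 1).trim();
            // URLs are lower-cased before comparison, so a pattern with
            // upper-case letters would never match anything.
            if (!pattern.equals(pattern.toLowerCase()))
                throw new IllegalArgumentException("Pattern must be lower case: " + pattern);
            // Anything listed after the catch-all can never be reached.
            if (catchAllSeen)
                throw new IllegalArgumentException("Unreachable rule after /**: " + line);
            if (rules.put(pattern, roles) != null)
                throw new IllegalArgumentException("Duplicate pattern: " + pattern);
            catchAllSeen = pattern.equals("/**");
        }
        StringBuilder sb = new StringBuilder();
        sb.append("CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON").append(EOL);
        sb.append("PATTERN_TYPE_APACHE_ANT");
        for (Map.Entry<String, String> e : rules.entrySet())
            sb.append(EOL).append(e.getKey()).append('=').append(e.getValue());
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input, same shape as the question's urls.properties.
        String sample = "/admin/**=ROLE_ADMIN\n/**=ROLE_USER\n";
        System.out.println(toDefinitionSource(new StringReader(sample)));
    }
}
```

Returning this string from the FactoryBean's `getObject()` in place of the hard-coded appends makes a misordered or malformed rule set fail at startup instead of silently leaving a path under the wrong rule.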