StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POBest practices for entitlement using spring security and/or shiro
primarykey
Id
6019331
data
AcceptedAnswerId
17222815
AnswerCount
1
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2011-05-16T15:04:36.943
FavoriteCount
3
LastActivityDate
2013-06-20T20:29:44.520
LastEditDate
LastEditorUserId
0
OwnerUserId
436820
ParentId
0
PostTypeId
1
Score
2
ViewCount
2375
LastEditorDisplayName
text
Body
I'm interested in opinions on the best way to handle the concept of "entitlement" using either Spring Security or Shiro. For example, imagine, say, a JAX-RS endpoint that has a signature like this: <pre><code>AccountDetails getAccountDetails(String accountId); </code></pre> Using Spring Security, I might annotate an implementation like: <pre><code>@Secured(AUTHORIZED_USER) public AccountDetails getAccountDetails(String accountId) { ... } </code></pre> or using Shiro, <pre><code>@RequiresAuthentication public AccountDetails getAccountDetails(String accountId) { ... } </code></pre> What I am looking for, however, is some recommendations on "best practices" for how to ensure that the user has permission to access the particular account id (which I think is called "entitlement management"). I could imagine a couple of different approaches: <pre><code>@Secured(AUTHORIZED_USER) @AccountEntitled public AccountDetails getAccountDetails(@Account String accountId) { ... } </code></pre> (which strikes me as not completely straightforward using Spring Security, but I'd love to be wrong). Or, I could imagine introducing an <code>AccountId</code> domain object, and a factory which will only succeed in turning a <code>String</code> into an <code>AccountId</code> if the principle held by the current security context allows that users to see that account. But that starts to get a bit messy. On the whole, I don't want to invent new concepts here; this seems like bread & butter stuff, but I've not had much luck finding credible recommendations around best practices here. Thanks for any suggestions.
Tags
<java><spring-security><shiro>
Title
Best practices for entitlement using spring security and/or shiro
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USEric Bowman - abstracto -
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POBest practices for entitlement using spring security and/or shiro
 UserUserId
 USsourcedelica
 VoteTypeVoteTypeId
 VTFavorite
2. VO
 singulars
 PostPostId
 POBest practices for entitlement using spring security and/or shiro
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POBest practices for entitlement using spring security and/or shiro
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.