开发者

Using Group Based Access Control in Spring security 3.0

I am working with CAS integration with my web application with Spring security 3.0 framework.I created a secured page which will be accessed only if the user has ROLE_SUPERVISOR role.

  1. When using "usersByUsernameQuery" value="select username,password,enabled from users where username=?" Everything worked perfect.

  2. when using "groupAuthoritiesByUsernameQuery", am able to retrieve the groups of the user logged in. For example. it says the GRANTED Authorities are Administrators,Supervisors which comes from the group_permission table. But when i try to access the secured page, it is showing ACCESS DENIED. It seems like the actual roles/permisssions which i assigned to the groups (For e.g ROLE_SUPERVISOR to Supervisors) is not reflected or validated properly.

Am i 开发者_如何学Cmissing anything? Please help me out.


I found the answer myself, I am supposed to override this method in my custom jdbcImplentation class

@SuppressWarnings("unchecked")
protected List<GrantedAuthority> loadGroupAuthorities(String username) {
    return getJdbcTemplate().query(groupAuthoritiesByUsernameQuery, new String[] {username}, new RowMapper() {
        @SuppressWarnings("deprecation")
        public Object mapRow(ResultSet rs, int rowNum) throws SQLException {
             String roleName = rs.getString("permissionname");
             GrantedAuthorityImpl authority = new GrantedAuthorityImpl(roleName);
             return authority;
        }
    });
}
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜