Using Group Based Access Control in Spring security 3.0
I am working with CAS integration with my web application with Spring security 3.0 framework.I created a secured page which will be accessed only if the user has ROLE_SUPERVISOR role.
When using
"usersByUsernameQuery" value="select username,password,enabled from users where username=?"
Everything worked perfect.when using
"groupAuthoritiesByUsernameQuery"
, am able to retrieve the groups of the user logged in. For example. it says the GRANTED Authorities are Administrators,Supervisors which comes from the group_permission table. But when i try to access the secured page, it is showing ACCESS DENIED. It seems like the actual roles/permisssions which i assigned to the groups (For e.g ROLE_SUPERVISOR to Supervisors) is not reflected or validated properly.
Am i 开发者_如何学Cmissing anything? Please help me out.
I found the answer myself, I am supposed to override this method in my custom jdbcImplentation class
@SuppressWarnings("unchecked")
protected List<GrantedAuthority> loadGroupAuthorities(String username) {
return getJdbcTemplate().query(groupAuthoritiesByUsernameQuery, new String[] {username}, new RowMapper() {
@SuppressWarnings("deprecation")
public Object mapRow(ResultSet rs, int rowNum) throws SQLException {
String roleName = rs.getString("permissionname");
GrantedAuthorityImpl authority = new GrantedAuthorityImpl(roleName);
return authority;
}
});
}
精彩评论