Defining Spring Security user roles
I am going to design an application which authenticates user from another application . Basically my application is going to get only if the user is authenticated (true or false) and the user role .
Can I use spring security to make use of this role and give fine grained control ?
Basically , I do not want to use sp开发者_开发技巧ring security for authentication , but for authorization.
If this is possible , can you point me to any example or documentation ?
Thank you.
if I understand you right you want to look if a user is already authenticated in another application and if so you want to authorize the user in your new application?
I think what you can do is apply a custom authentication filter in the spring security filter chain (http://goo.gl/uQpq9) which checks for the authentication in your other application. At this point you would have the possibility to set the user's roles (GrantedAutority) the user gets in your new application.
A short tutorial can be found here: http://teja.tejakantamneni.com/2008/08/spring-security-using-custom.html
I hope this is what you are looking for,
Jens
精彩评论