开发者

creating <intercept-url pattern> dynamically with spring security 3

问答 作者:

Hi I am new to Spring开发者_运维问答 security 3 but with the help of this site I successfully developed Authentication and Authorization. Now I want to remove intercept-url pattern from my context-security.xml. I am looking to fetch authorities for specific user form database and create dynamically. Here i did...

in context-security.xml

<beans:bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
            <custom-filter before="FIRST" ref="requestMappings"/>
            <beans:property name="authenticationManager" ref="authenticationManager" />
            <beans:property name="accessDecisionManager" ref="accessDecisionManager" />
            <beans:property name="objectDefinitionSource" ref="requestMappings" />
        </beans:bean>

        <beans:bean id="requestMappings" class="com.nmmc.common.security.repository.RequestMappingFactoryBean" />

    <http auto-config="true" once-per-request="false">

        <!-- Restrict URLs based on role -->
        <intercept-url pattern="/login.works" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/login/validate.works" access="IS_AUTHENTICATED_ANONYMOUSLY" />     
        <intercept-url pattern="/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 

        <form-login login-page="/login.works" login-processing-url="/j_spring_security_check"
            default-target-url="/login/validate.works"
            authentication-failure-url="/login.works" />
        <logout logout-url="/j_spring_security_logout"
            logout-success-url="/login.works" invalidate-session="true" />

        <session-management invalid-session-url="/login.works"
            session-fixation-protection="none">
            <concurrency-control max-sessions="50"
                error-if-maximum-exceeded="true" />
        </session-management>
    </http>

    <authentication-manager>
        <authentication-provider ref="customAuthenticationProvider"></authentication-provider>
    </authentication-manager>

    <beans:bean id="customAuthenticationProvider"
        class="com.nmmc.common.security.repository.CustomAuthenticationProvider"></beans:bean>

in RequestMappingFactoryBean

import org.springframework.beans.factory.FactoryBean;

public class RequestMappingFactoryBean implements FactoryBean{
    private final static String EOL = System.getProperty("line.separator"); 
    public Object getObject() throws Exception
    {
        StringBuffer sb = new StringBuffer();
        sb.append("CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON");
        sb.append(EOL);
        sb.append("PATTERN_TYPE_APACHE_ANT");
        sb.append(EOL);
        sb.append("/**login.works=IS_AUTHENTICATED_ANONYMOUSLY");
        sb.append(EOL);
        sb.append("/user/**=ROLE_ADMIN");
        return sb.toString();    
    }    
    public Class getObjectType()
    {       
        return String.class;
    }
    public boolean isSingleton()
    {       
        return true;
    }   
}

Also when I remove ref from

<custom-filter before="FIRST" ref="requestMappings"/>

then it gives error that ref must be define also if i define it and run my app it gives error like

org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Security namespace does not support decoration of element [custom-filter]

thats why i define as given. Is there any changes in my code to run it?

Read the first answer at How to dynamically decide <intercept-url> access attribute value in Spring Security?

It has an outline of the solution.

继续阅读:springspring-security

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9