Announcement Announcement Module
Collapse
No announcement yet.
security in spring Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • security in spring

    hi,

    how do i able to get what commands that a user can access according to its roles ? i'm using jdbc authentication

    thanks ...

  • #2
    Take a look at the Petclinic Rich Client sample which shows how to integrate with Acegi Security.

    Once authentication has happened, you can access the list of granted authorities from anywhere in the application via:

    ((SecureContext) ContextHolder.getContext()).getAuthentication().ge tAuthorities()

    Comment


    • #3
      thanks for the answer ...

      ((SecureContext) ContextHolder.getContext()).getAuthentication().ge tAuthorities()

      i already do that. i make that call in the advisor, on method onWindowOpened ... but i get a null pointer exception ...
      i put it in the advisor, because i want to set enabled/disabled the toolbar/menubar for different roles.

      where should i make the call so it won't be null pointer again? =)

      thanks again ...

      Comment


      • #4
        The Rich Client code that sets up the ContextHolder is org.springframework.richclient.security.SessionDet ails, as per the Petclinic sample. Although you are free to set it up however you like - it's just a ThreadLocal with Authentication populated via the Acegi Security net.sf.acegisecurity.provider.rcp package.

        Comment


        • #5
          What would be cool is a way to declaratively restrict access to UI commands/objects using Acegi and then have the UI automatically respond to these restrictions visually. The developer could choose from different response strategies: disable the command (buttons, menus, etc, will be grayed out), remove the command (it just won't show up), and others...
          Declarative security at the form level would be nice too (both for an entire form and also for individual properties/field).
          Hhhmmm.. not sure off the top of my head what form all this would take.

          - Andy

          Comment


          • #6
            I agree with you re the command buttons, although I haven't had a chance to look at it for a while and the command structure and lifecycle were being refactored around the time security was added to Spring Rich, which is why it wasn't done back then. Things have settled down a lot since, so it's now just a question of getting time.

            Comment

            Working...
            X