
  • Commands/Roles(Authorization), finding example or a idea of this

    Hello, people

    I need a running example of working Spring Rich Client authorization in the most dynamic way possible, because I have to get user roles from the database and these roles are managed.
    I have to implement security that allows extracting the authorization data from the database...

    Any idea would also be helpful.
    Thanks.

  • #2
    Here's my security context:

    Code:
    <!--
        Description: Create an alias to the authentication manager for use by other beans.
      -->
      <authentication-manager alias="authenticationManager"/>
    
      <!--
        Description: Enable method level annotation security.  Secures methods annotated
          with the @Secured, @SecureObject, @Filter, etc. annotations.
      -->
      <!--<global-method-security secured-annotations="enabled"/>-->
    
      <!--
        Example of globally securing method calls.
    
        Description: This will protect all methods on beans declared in the application context
          whose classes are in the org.chd.hydra.service package and whose class names end in
          "Service".  Only users with the ROLE_DOMAIN ADMINS role will be able to invoke these
          methods. As with URL matching, the most specific matches must come first in
          the list of pointcuts, as the first matching expression will be used.
      -->
      <!--<global-method-security>
        <protect-pointcut expression="execution(* org.chd.hydra.service.*Service.*(..))" access="ROLE_DOMAIN ADMINS"/>-->
        <!--<protect-pointcut expression="execution(* webtest.service.HelloService.sayHello(..))" access="ROLE_ADMIN"/>-->
      <!--</global-method-security>-->
    
      <!--
        Description: Configures http security including http authentication type, mapping urls to channels
          and role requirements, mapping login, logout, and exception pages to urls and session control.
      -->
      <http auto-config="false" create-session="always" once-per-request="false" realm="Hydra Realm">
        <!--<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>-->
        <anonymous/>
        <http-basic/>
        <logout logout-url="/logout.html"/>
    
        <!--
          Maps the ports if they are different from the standard.
          Standard: http = 80, https = 443.
        -->
        <!--<port-mappings>
          <port-mapping http="8084" https="8181"/>
        </port-mappings>-->
    
        <intercept-url pattern="/index.htm*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/remoting/RemoteAuthenticationManager.html" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="http"/>
        <intercept-url pattern="/remoting/**" access="ROLE_CHD GROUP" requires-channel="http"/>
        <intercept-url pattern="/secure/**" access="ROLE_DOMAIN ADMINS" requires-channel="http"/>
      </http>
    
      <!--
        Example of securing a method call on a bean.
    
        <bean id="accountService" class="accounts.AccountServiceImpl">
          Secure the secureAccount method, only allowing ROLE_ADMIN access.
          <security:intercept-methods>
            <security:protect access="ROLE_ADMIN" method="secureAccount"/>
          </security:intercept-methods>
        </bean>
      -->
    
      <beans:bean id="userSearch"
                  class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <beans:constructor-arg index="0" value="${ldap.user-search-base}"/>
        <beans:constructor-arg index="1" value="${ldap.user-search-filter}"/>
        <beans:constructor-arg index="2" ref="contextSource" />
    
      </beans:bean>
    
      <beans:bean id="contextSource"
                  class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <beans:constructor-arg value="${ldap.url}"/>
        <beans:property name="userDn" value="${ldap.manager-dn}"/>
        <beans:property name="password" value="${ldap.manager-password}"/>
      </beans:bean>
    
      <beans:bean id="ldapAuthProvider"
                  class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
        <custom-authentication-provider/>
        <beans:constructor-arg>
          <beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
            <beans:constructor-arg ref="contextSource"/>
            <beans:property name="userSearch" ref="userSearch"/>
          </beans:bean>
        </beans:constructor-arg>
        <beans:constructor-arg>
    
          <!-- An authorities populator that loads roles as LDAP groups a user is a member of. -->
          <!--<beans:bean
            class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
            <beans:constructor-arg ref="contextSource"/>
            <beans:constructor-arg value="${ldap.group-search-base}"/>
            <beans:property name="groupSearchFilter" value="${ldap.group-search-filter}"/>
          </beans:bean>-->
    
          <!--
            An authorities populator that loads roles from the dataSource with default tables configured to
            match the schema here:
    
            http://static.springsource.org/spring-security/site/docs/3.0.x/reference/appendix-schema.html
          -->
          <beans:bean class="org.springframework.security.ldap.populator.UserDetailsServiceLdapAuthoritiesPopulator">
            <beans:constructor-arg>
              <beans:bean class="org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager">
                <beans:property name="authenticationManager" ref="authenticationManager"/>
                <beans:property name="dataSource" ref="dataSource"/>
    
                <!-- enable lookup of permissions via user's group -->
                <!--<beans:property name="enableGroups" value="true"/>-->
    
                <!-- enable direct lookup of user's permissions (set to false to require lookup via group) -->
                <beans:property name="enableAuthorities" value="true"/>
                <beans:property name="rolePrefix" value="ROLE_"/>
              </beans:bean>
            </beans:constructor-arg>
          </beans:bean>
    
        </beans:constructor-arg>
      </beans:bean>
    
    </beans:beans>
    This works when I have my database set up according to this:

    http://static.springsource.org/sprin...ix-schema.html

    You can just comment out the DefaultLdapAuthoritiesPopulator or the UserDetailsServiceLdapAuthoritiesPopulator to switch between authenticating against LDAP and loading roles from the database, and doing both with LDAP.
    Last edited by adamarmistead; Apr 16th, 2010, 12:32 PM.
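
Added editorial example, not part of adamarmistead's post: the `<http>` element above pins the Basic-authenticated `/remoting/**` and `/secure/**` paths to `requires-channel="http"`, so the credentials and the HttpInvoker payloads cross the network in cleartext. Below is the same element with those paths moved to the `https` channel, assuming the container has a TLS connector on the ports from the post's commented-out port mapping.

```xml
<!-- Added example: the <http> element from the post with the channel requirement
     switched from http to https. Only elements and attributes shown in the post are used. -->
<http auto-config="false" create-session="always" once-per-request="false" realm="Hydra Realm">
  <anonymous/>
  <http-basic/>
  <logout logout-url="/logout.html"/>

  <!-- Assumption: the container listens on 8084 (http) and 8181 (https), the values
       from the post's commented-out mapping. Omit this block on the standard 80/443. -->
  <port-mappings>
    <port-mapping http="8084" https="8181"/>
  </port-mappings>

  <intercept-url pattern="/index.htm*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

  <!-- The login call from the rich client carries the username and password,
       so it needs the encrypted channel as much as the protected paths do. -->
  <intercept-url pattern="/remoting/RemoteAuthenticationManager.html"
                 access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="https"/>
  <intercept-url pattern="/remoting/**" access="ROLE_CHD GROUP" requires-channel="https"/>
  <intercept-url pattern="/secure/**" access="ROLE_DOMAIN ADMINS" requires-channel="https"/>
</http>
```

The client's service URLs must use https as well: the channel check only redirects a request after it has already arrived, so a client that still calls the http URL has sent its Basic header in cleartext by then.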



    • #3
      Oh yeah, just in case, you need a remote authentication manager for the client to hook to.

      Code:
      <!--
          Bean: RemoteAuthenticationManager.html
          Description: The remote authentication manager service bean exports the remote
            authentication manager service via an HttpInvoker.  The bean name is used
            instead of the id in order to map the service name to a URL.
        -->
        <bean name="/RemoteAuthenticationManager.html"
              class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
          <property name="service" ref="remoteAuthenticationManager"/>
          <property name="serviceInterface" value="org.springframework.security.providers.rcp.RemoteAuthenticationManager"/>
        </bean>
      and here's some stuff about configuring the variable placeholders (this will obviously be different for you):

      Code:
      ldap.group-search-base = OU=Groups,OU=Network users
      ldap.group-search-filter = member={0}
      ldap.manager-dn = CN=myapplication,OU=System Accounts,OU=Network Users,DC=mycompany,DC=org
      ldap.manager-password = myLDAPManagerPassword
      ldap.person-search-filter = (objectclass=person)
      ldap.user-search-base = OU=Staff,OU=Network users
      ldap.user-search-filter = (sAMAccountName={0})
      ldap.url = ldap://ldapserver1:389/dc=mycompany,dc=org ldap://ldapserver2:389/dc=mycompany,dc=org



      • #4

        It seems the question was not understood. My problem is that I'm developing a desktop application and need to implement access control. The documentation that exists for Spring RCP is very limited on this issue; it does not show how to get the permissions from the database to enable/disable the commands that a user can perform...

        Without using remote connections or LDAP, but using daoAuthenticationProvider.
        I want security based on roles.

        I have a desktop application with Swing + Spring and Hibernate.

        I need to add access control with Spring Security or its earlier version, Acegi.

        What are the steps to use Spring Security or Acegi in my application?
        Is it necessary to use RPC?

        If you have any example or idea of how serious an official please help.
        Last edited by aantelov; Apr 19th, 2010, 09:35 PM.



        • #5
          Is this something like what you are looking for?

          http://www.denksoft.com/wordpress/we...rity-tutorial/



          • #6
            This does not answer my question because the roles of the application must be static.

            This tutorial and I read it but I was clear as I can get the permissions to disable the user commands. And besides, I cannot create dynamic roles in the application. If you could make me an example of a form with two users in the database and the mechanism to see if it actually works, I would appreciate it; I have not been successful.


            I await your response and I need it urgently.



            • #7
              I don't get what you want.
