Announcement Announcement Module
Collapse
No announcement yet.
Userid for authorization, instead of Role and few more questions Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Userid for authorization, instead of Role and few more questions

    I have few questions, if you can answer any would be great help
    1. I have configured LDAP to do authentication, and i am able to load the roles and authorize pattern by ROLES, i would like to know if i can add ROLES and user id for authorization for example, in below code /displayMyData will be available for all users in ROLE ROLE_ROLEADMINS, but i would like to make it available for a particular user id MYUSERID, so i dont want him to add to this ROLE, but give access to only 1 function, is it possible to do so, and if yes HOW?

      HTML Code:
      <http use-expressions="true">
      		
      		<intercept-url pattern="/" access="isAuthenticated()" />
      		<intercept-url pattern="/displayMyData" access="hasRole('ROLE_ROLEADMINS')" />
      		<form-login />
        	</http>
    1. Can I get all the roles from a database table, instead of hard coding them in XML file

    1. I can print user name on JSP page using tag <security:authentication property="principal.username"/>
      Is there any tag to print all the roles on JSP page for the logged in user for testing purpose

    1. How can i access LDAP context and user id in controller class so i read more properties or do some function after user logs in,

    1. Does logout invalidate session?

  • #2
    I have answered some of the less obvious questions, but I recommend you try reading the reference for the ones I did not respond to as it covers these questions.

    Originally posted by kulkarni_ash View Post
    i would like to make it available for a particular user id MYUSERID, so i dont want him to add to this ROLE, but give access to only 1 function, is it possible to do so, and if yes HOW?
    The WebSecurityExpression root shows what is available for the access attribute. WebSecurityExpression exposes a request property that is a HttpServletRequest object that can be used to access the current username. Since the username is populated as the HttpServletRequest.getRemoteUser(). You can do the following...

    Code:
    <http use-expressions="true">
    		
    		<intercept-url pattern="/" access="isAuthenticated()" />
    		<intercept-url pattern="/displayMyData" access="request.remoteUser == 'admin'" />
    		<form-login />
      	</http>

    Originally posted by kulkarni_ash View Post
    I can print user name on JSP page using tag <security:authentication property="principal.username"/>
    Is there any tag to print all the roles on JSP page for the logged in user for testing purpose
    The authentication tag accesses the current Authentication object, so yes.

    Comment


    • #3
      Thanks for the response, i got request.remoteUser working, as well as able to get all the roles printed in jsp page,
      Got logout working by adding invalidate-session="true", so it answered most of questions, but one thing i am not able to figure out is how to define roles in a database table instead of XML file,
      For example suppose i have interceptor-url as below, then i am hardcoding ROLE_ROLETRSADMINS or guitest1 in XML file, i would rather like to read those values from a database table, so i can change them in database without touching XML file

      Code:
      <intercept-url pattern="/displayAirportTiles" access="hasAnyRole('ROLE_ROLETRSADMINS') or request.remoteUser == 'guitest1'" />

      Comment


      • #4
        It is mentioned a number of times in the reference. Please try searching for database (better yet read it). It may be easier for you to use the single page http://static.springsource.org/sprin...ty-single.html

        Comment

        Working...
        X