Announcement Announcement Module
Collapse
No announcement yet.
Inferring Authentication Roles on client side with Spring Security Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Inferring Authentication Roles on client side with Spring Security

    I am using Spring 2.5 , Spring Security 2.0.4 framework along with GWT .

    After setting all the appropriate security filters - I was able to complete a JdbcDao based Authentication from the database successfully.

    For a given page - say , landingpage.jsp I want the display different content depending on the different roles , say admin and user.

    I have designed landing_admin.jsp , landing_user.jsp separately for the same.

    From a given page - say landing_default.jsp (after logging in) - I need the code fragment that can automatically redirect to landing_admin.jsp or landing_user.jsp depending on the role of authentication (ROLE_ADMIN or ROLE_USER etc).

    How do I get to access the authentication roles on the client side for a Spring Security configuration. Thanks.

  • #2
    Ok - I am looking at the petclinic example for the above mentioned problem -

    http://static.springframework.org/sp...-tutorial.html .

    I am using the jsp tag library in my application -

    My jsp page (after login redirect ) looks as follows.

    <%@ taglib prefix="security"
    uri="http://www.springframework.org/security/tags"%>
    <html>
    <body>

    <security:authorize ifAllGranted="ROLE_ADMIN">I am an Admin</security:authorize>
    <security:authorize ifAnyGranted="ROLE_USER">I am an User</security:authorize>
    ..
    ...
    </body></html>

    I added jstl-1.2.0.jar in WEB-INF/lib of the application to be deployed.

    When I try to visit the page - I am getting the following exception:


    org.apache.jasper.JasperException: The absolute uri: http://www.springframework.org/security/tags cannot be resolved in either web.xml or the jar files deployed with this application
    org.apache.jasper.compiler.DefaultErrorHandler.jsp Error(DefaultErrorHandler.java:51)
    org.apache.jasper.compiler.ErrorDispatcher.dispatc h(ErrorDispatcher.java:409)
    org.apache.jasper.compiler.ErrorDispatcher.jspErro r(ErrorDispatcher.java:116)


    Any idea what jar needs to be packaged for the identification of the URI.

    My ivy.xml looks as follows.


    <dependency org="org.springframework" name="org.springframework.spring-library"
    rev="2.5.6.A" conf="compile->runtime" />
    <dependency org="org.springframework.security" name="org.springframework.security"
    rev="2.0.4.A" conf="compile->runtime" />
    <dependency org="org.springframework.security" name="org.springframework.security.annotation"
    rev="2.0.4.A" />
    <dependency org="org.aspectj" name="com.springsource.org.aspectj.runtime"
    rev="1.6.2.RELEASE" />

    Is there any other dependency that needs to be added.

    Comment


    • #3
      Ok - Adding spring security taglibs fixed the error.


      <dependency org="org.springframework.security" name="org.springframework.security.taglibs"
      rev="2.0.4.A" />

      Comment


      • #4
        Spring Security on the client-side

        Hi kaykay,

        I am currently using spring security and gwt and am attempting to integrate authorization on the client-side and I was wondering if you could help me.

        I have successfully secured all the methods on the server-side, but my question is very similar to what you were asking. How do I make the pages look different based on the roles that a user has. So pages look slightly different based on the user list of roles.

        What I had in mind at the moment, is to get the client to load up all of the privileges of the user on logging into the system. Then whenever a widget wants to load up another one, it first goes through a Controller which is responsible for checking roles and authorization.

        I know the client-side cannot be propery secured, but it's more to reorganise the front-end for users to look correct. The actual authorisation of roles is already happening on the server-side.

        Do you have any suggestions of frameworks which would help with this rather than hard-coding all the roles to the client-side?

        Any help would be much appreciated.

        Mahamad

        Comment

        Working...
        X