Announcement Announcement Module
No announcement yet.
Inferring Authentication Roles on client side with Spring Security Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Inferring Authentication Roles on client side with Spring Security

    I am using Spring 2.5 , Spring Security 2.0.4 framework along with GWT .

    After setting all the appropriate security filters - I was able to complete a JdbcDao based Authentication from the database successfully.

    For a given page - say , landingpage.jsp I want the display different content depending on the different roles , say admin and user.

    I have designed landing_admin.jsp , landing_user.jsp separately for the same.

    From a given page - say landing_default.jsp (after logging in) - I need the code fragment that can automatically redirect to landing_admin.jsp or landing_user.jsp depending on the role of authentication (ROLE_ADMIN or ROLE_USER etc).

    How do I get to access the authentication roles on the client side for a Spring Security configuration. Thanks.

  • #2
    Ok - I am looking at the petclinic example for the above mentioned problem - .

    I am using the jsp tag library in my application -

    My jsp page (after login redirect ) looks as follows.

    <%@ taglib prefix="security"

    <security:authorize ifAllGranted="ROLE_ADMIN">I am an Admin</security:authorize>
    <security:authorize ifAnyGranted="ROLE_USER">I am an User</security:authorize>

    I added jstl-1.2.0.jar in WEB-INF/lib of the application to be deployed.

    When I try to visit the page - I am getting the following exception:

    org.apache.jasper.JasperException: The absolute uri: cannot be resolved in either web.xml or the jar files deployed with this application
    org.apache.jasper.compiler.DefaultErrorHandler.jsp Error(
    org.apache.jasper.compiler.ErrorDispatcher.dispatc h(
    org.apache.jasper.compiler.ErrorDispatcher.jspErro r(

    Any idea what jar needs to be packaged for the identification of the URI.

    My ivy.xml looks as follows.

    <dependency org="org.springframework" name="org.springframework.spring-library"
    rev="2.5.6.A" conf="compile->runtime" />
    <dependency org="" name=""
    rev="2.0.4.A" conf="compile->runtime" />
    <dependency org="" name=""
    rev="2.0.4.A" />
    <dependency org="org.aspectj" name=""
    rev="1.6.2.RELEASE" />

    Is there any other dependency that needs to be added.


    • #3
      Ok - Adding spring security taglibs fixed the error.

      <dependency org="" name=""
      rev="2.0.4.A" />


      • #4
        Spring Security on the client-side

        Hi kaykay,

        I am currently using spring security and gwt and am attempting to integrate authorization on the client-side and I was wondering if you could help me.

        I have successfully secured all the methods on the server-side, but my question is very similar to what you were asking. How do I make the pages look different based on the roles that a user has. So pages look slightly different based on the user list of roles.

        What I had in mind at the moment, is to get the client to load up all of the privileges of the user on logging into the system. Then whenever a widget wants to load up another one, it first goes through a Controller which is responsible for checking roles and authorization.

        I know the client-side cannot be propery secured, but it's more to reorganise the front-end for users to look correct. The actual authorisation of roles is already happening on the server-side.

        Do you have any suggestions of frameworks which would help with this rather than hard-coding all the roles to the client-side?

        Any help would be much appreciated.