Announcement Announcement Module
No announcement yet.
Use Method Security without using Spring Authentication Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Use Method Security without using Spring Authentication

    I would like to Spring's Method Security ability to protect access to pages/methods based on user role. However, it seems that I have to use Spring's authentication in order to specify the role(s) as the value for the access attribute.

    I have my own login process which queries a database and authenticates a user. Then, if the user belongs to multiple departments, they are taken to a page where they select the department under which they would like to login. Also, if this is their first login, they may be taken to a reset password page. Furthermore, any access violations, e.g. incorrect password, account being disabled (after 3 incorrect login attempts), application not accessible for user's department etc need to recorded in the database. It seems that doing all this using Spring's authentication process would be too tedious.

    So my questions are:
    (1) Is it possible to use method security without using spring authentication? If yes, can you please guide me as to how I would get started?
    (2) Am I understanding correctly that it would be too tedious and take too much java code and time to replace my current "involved" login process with spring's authentication mechanism?

    I am trying to determine the feasibility of, and then how to get started with, Spring Security. The idea of security pointcuts and intercept-methods decorator seems very enticing. But it seems way too much work with authentication to be able to use them.

    Any suggestions are appreciated.