Announcement Announcement Module
Collapse
No announcement yet.
Is it okay to define multiple MethodSecurityInterceptor beans? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is it okay to define multiple MethodSecurityInterceptor beans?

    If I have multiple XML files that I load into a single Spring application context, can I define multiple MethodSecurityInterceptor beans in separate files? The utility would be to separate the security config for separate modules into separate files. For now I have both of the beans defined in the same file. For example:

    Code:
    <bean id="exampleServiceMethodSecurity" 
               class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
            <property name="accessDecisionManager"><ref bean="serviceAccessDecisionManager"/></property>
            <property name="authenticationManager"><ref bean="authenticationManager"/></property>
            <property name="objectDefinitionSource">
                <value>
                org.example.ExampleService.*=ROLE_DOES_NOT_EXIST
                </value>
            </property>
        </bean>
        
        <bean id="otherServiceMethodSecurity" 
               class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
            <property name="accessDecisionManager"><ref bean="serviceAccessDecisionManager"/></property>
            <property name="authenticationManager"><ref bean="authenticationManager"/></property>
            <property name="objectDefinitionSource">
                <value>
                org.other.OtherService.*=ROLE_STUPID_ROLE
                </value>
            </property>
        </bean>
    I tried it and it seems to work (I get the "Adding secure method..." log statements, although the methods aren't actually intercepted, which is a topic for another post). My reason for posting is because I want to know if this is a good practice.

    Thanks in advance.

  • #2
    Sounds fine to me. I don't see any particular reason to define multiple in one file, but if they are separated like you say for separate modules, that would be fine.

    I have multiple MethodSecurityInterceptors in my project, albeit for another reason. My different interceptor beans reference different accessDecisionManagers. Anyway, I haven't run into any problems using multiple in mine (though granted, I've only actually used one even though I have multiple defined).

    If you can come up with a way to merely compose one MethodDefinitionSource across multiple files and pass that "concatenated" object into the objectDefinitionSource field, that might be better, but I'm not sure how to do it.

    Comment

    Working...
    X