
  • Allowing access by reauthentication

    Hello all,

    I want to ask a Spring Security question; here's the scenario:

    Some very important user logs in to a Spring Security-based application. This user has access to some secured methods (using the @Secured or similar annotations):

    public void sendThousandMails() ...

    Effectively, our user has access to this method BUT, and here's where my question goes, I would like him to reauthenticate, just to improve security of a very critical method.

    So my question is: even if our user has access to a method, is it possible to intercept access to this method and ask the user for a reauthentication and, on success, continue with the execution of this method?

    Something like:

    @Secured("IMPORTANT_ROLE", reauthenticate = "IMPORTANT_ROLE")
    public void sendThousandMails() ...

    This annotation would ensure direct access to roles >= IMPORTANT_ROLE and deny access to users < IMPORTANT_ROLE. Even more, it will ask for reauth when the user has role = IMPORTANT_ROLE, but the user will have direct access to it when role > IMPORTANT_ROLE (like SOME_HIGHER_IMPORTANT_ROLE).

    I find this feature really really helpful for many scenarios.

    Thank you in advance.

    Last edited by aalbericio; Nov 6th, 2009, 06:01 AM.
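
The rule described in the post above (deny below the role, ask for reauthentication at exactly the role, direct access above it), sketched as an added example in plain Java 16+; it is not part of the original thread and not a Spring Security API. The `SecuredWithReauth` annotation, the `Role` ordering, the `Session` record and the five-minute freshness window are all hypothetical names and assumptions made for illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.time.*;

public class ReauthDemo {
    // Hypothetical role ladder; declaration order is the ranking.
    enum Role { USER, IMPORTANT_ROLE, SOME_HIGHER_IMPORTANT_ROLE }

    // Hypothetical annotation modelled on the one proposed in the post.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface SecuredWithReauth { Role value(); Role reauthenticate(); }

    static class ReauthRequiredException extends RuntimeException {
        ReauthRequiredException(String msg) { super(msg); }
    }

    // Caller's role plus the time the credentials were last verified.
    record Session(Role role, Instant lastAuth) {}

    interface MailService {
        @SecuredWithReauth(value = Role.IMPORTANT_ROLE, reauthenticate = Role.IMPORTANT_ROLE)
        String sendThousandMails();
    }

    static final Duration FRESH = Duration.ofMinutes(5); // assumed freshness window

    // Wraps the service so every annotated call is checked before it runs.
    static MailService guard(MailService target, Session s) {
        InvocationHandler h = (proxy, method, args) -> {
            SecuredWithReauth a = method.getAnnotation(SecuredWithReauth.class);
            if (a != null) {
                if (s.role().compareTo(a.value()) < 0)           // role < required: deny
                    throw new SecurityException("access denied");
                boolean stale = s.lastAuth().plus(FRESH).isBefore(Instant.now());
                if (s.role() == a.reauthenticate() && stale)     // role == reauth level
                    throw new ReauthRequiredException("credentials must be re-entered");
            }
            return method.invoke(target, args);                  // higher role or fresh login
        };
        return (MailService) Proxy.newProxyInstance(
            MailService.class.getClassLoader(), new Class<?>[] { MailService.class }, h);
    }

    public static void main(String[] args) {
        MailService real = () -> "sent";                         // constructed stand-in service
        Instant old = Instant.now().minus(Duration.ofHours(1));
        System.out.println(guard(real, new Session(Role.SOME_HIGHER_IMPORTANT_ROLE, old)).sendThousandMails());
        System.out.println(guard(real, new Session(Role.IMPORTANT_ROLE, Instant.now())).sendThousandMails());
        try { guard(real, new Session(Role.IMPORTANT_ROLE, old)).sendThousandMails(); }
        catch (ReauthRequiredException e) { System.out.println("reauth: " + e.getMessage()); }
    }
}
```

The caller that catches `ReauthRequiredException` is expected to prompt for credentials, refresh `lastAuth` on success and retry the call; that is what lets execution continue after a successful reauthentication.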