Announcement Announcement Module
Collapse
No announcement yet.
Extract dynamic roles from database Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Extract dynamic roles from database

    Hello,

    I'm beginning with spring security.
    I know how to define permissions by roles.Something like :
    Code:
    <security:global-method-security>
    	<security:protect-pointcut access="ROLE_ADMIN"
    		expression="execution(* org.test.Service*.delete*(..))" />
    </security:global-method-security>
    As we can see here, users with Admin_Role can execute delete methods.
    But in my case Roles are stocked in a database and i want to extract them dynamicly. Something like :

    Code:
    <security:global-method-security>
    	<security:protect-pointcut access="Select name From Role Where permission = 'delete'"
    		expression="execution(* org.test.Service*.delete*(..))" />
    </security:global-method-security>
    That solution is just to make the problem clearer but it doesn't exist.
    Does any one know the way to do that.
    Thanks a lot

  • #2
    You will find this very helpful http://www.mularien.com/blog/2008/07...ring-security/. Also, refer to this article, section 5.4.

    Comment


    • #3
      Typically you would assign roles when a user logs in. This is done through implementation of a UserDetailsService. Access checks are performed against these roles. Do you have a particular business scenario requiring a database lookup at the time of the access check?

      Comment


      • #4
        Thanks for you two. That helped me a lot.
        In my case I will use an LDAP Authentication and not a Database. So in place of
        using :

        Code:
        <jdbc-user-service data-source-ref="dataSource" 
            authorities-by-username-query="select username,authority from users where username=?"/>
        I found this :

        Code:
        <sec:ldap-user-service ... />
        I will try to implement it.

        Comment

        Working...
        X