I'm creating a Spring 3 project that uses Spring Security.
This is part of my current context-security file:
    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/login.htm" access="permitAll"/>
        <intercept-url pattern="/admin/*" access="hasRole('ROLE_ADMIN') and fullyAuthenticated"/>
        <intercept-url pattern="/hello*" access="hasRole('ROLE_ANONYMOUS')"/>
    </http>
I want to load all of these URLs from a DB (from some DAO), i.e. I want to check access rights for any URL dynamically.
How can I do this the right way?
You could do this using Domain Object Security (ACLs).
Or you could implement a subclass of AbstractSecurityInterceptor.
Or you could do it in ad-hoc code; i.e. implement the access checks somewhere within your controller, and throw an AuthenticationException if the requestor doesn't have the required rights.
All of these end up with a Spring Security filter catching an AuthenticationException on the way out and taking the appropriate action; e.g. redirecting to a login page, or returning a response with "access denied" status.
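One way to feed database-backed URL rules into the interceptor, as an added example that is not part of the question or the answer: a `FilterInvocationSecurityMetadataSource` that looks up the request path in rules returned by a DAO and denies any URL that has no rule. `UrlRuleDao`, `DbSecurityMetadataSource` and the `ROLE_NO_ACCESS` attribute are hypothetical names, and the sketch assumes plain role names checked by a role voter rather than the `hasRole(...)` expressions used in the question.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.util.AntPathMatcher;

/** Hypothetical DAO: Ant pattern -> comma-separated roles, in the order rules must be tried. */
interface UrlRuleDao {
    LinkedHashMap<String, String> loadRules();
}

public class DbSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
    // Constructed role that nobody holds. Returning null or an empty list instead
    // would mark the URL as public, so an unlisted URL would be left open.
    private static final Collection<ConfigAttribute> DENY =
            SecurityConfig.createList("ROLE_NO_ACCESS");

    private final AntPathMatcher matcher = new AntPathMatcher();
    private final UrlRuleDao dao;

    public DbSecurityMetadataSource(UrlRuleDao dao) { this.dao = dao; }

    public Collection<ConfigAttribute> getAttributes(Object object) {
        String url = ((FilterInvocation) object).getRequestUrl();
        int q = url.indexOf('?');
        if (q >= 0) url = url.substring(0, q); // match on the path, not the query string
        // Rules are read on every request so DB changes apply at once; cache if too slow.
        for (Map.Entry<String, String> rule : dao.loadRules().entrySet()) {
            if (matcher.match(rule.getKey(), url)) { // first matching rule wins
                return SecurityConfig.createListFromCommaDelimitedString(rule.getValue());
            }
        }
        return DENY;
    }

    public Collection<ConfigAttribute> getAllConfigAttributes() {
        Set<ConfigAttribute> all = new HashSet<ConfigAttribute>();
        for (String roles : dao.loadRules().values()) {
            all.addAll(SecurityConfig.createListFromCommaDelimitedString(roles));
        }
        return all;
    }

    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }
}
```

The class is set as the `securityMetadataSource` property of a `FilterSecurityInterceptor` bean, which is itself a subclass of AbstractSecurityInterceptor. Because the first matching rule wins, the DAO has to return the most specific patterns first.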