I am using Spring Security 3.0.3 for a project.My user info is loaded from the database. I have following interceptor
<intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
<intercept-url pattern="/**" access="ROLE_USER"/>
I want to add interceptor to user data. When I logging with user1(requester as role) he can see only specific user1 data.
http://localhost:7009/Test/requester//30351?menuId=app.requester.new
but when I logging with another user2(requester as role) and Enter above URL in browser.
http://localhost:7009/Test/requester//30351?menuId=app.requester.new.
he can see user1 data.
How can I add interceptor so that it restrict another user data.
Following is scenario
1>
login with user1 and he can see following list of data
101
102
103
when i clicks on 102 data it opens details of 102 data.
http://localhost:7009/Test/requester//102?menuId=app.requester.new.
2> login with user2 and he can see following list of data
104
105
106
when i clicks on 105 data it opens details of 105 data.
http://localhost:7009/Test/requester//105?menuId=app.requester.new.
but when i copy user1 link
http://localhost:7009/Test/requester//102?menuId=app.requester.new.
and paste into browser . user2 can see details of user1 data.
You don’t filter everything in the spring security configuration but rather do it in view or controller. Here is a very good tutorial which shows you how to use spring security in your case.
http://static.springsource.org/spring-security/site/petclinic-tutorial.html
If you use JSP for your view, you can use spring security taglib to handle the view of user own data and, for other user’s data, you will need to put the filtering logic inside the controller and pass them as model to the view. However, the exact solution depends on your application.