I am working to configure Spring-Security with an existing application, for just basic security (i.e. what pages a user can see based on their roles). The question came up wondering if we could set what roles are required for each page in Java instead of the ApplicationContext.xml.
The idea is to store them in a table in our database, so we can easily change them without a redeployment. Is this possible? How?
Yes, you can configure Spring-Security programmatically. But I don’t think that is what you want / need to do.
You could implement your own AccessDecisionManager class that queries your database to fetch the rules (or whatever) for each resource / page. This is described in Section IV of the SpringSecurity manual.

Alternatively, you could embed your own custom access control logic inside your MVC controller. Use SpringSecurityContext to fetch the request’s Authorization object, fish out the identity and/or authorities, and implement the decision making however you want to.
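
One way the database-backed AccessDecisionManager suggested in the answer above could look, as an added example that is not part of the original answer. It assumes a Spring Security version that still uses the AccessDecisionManager interface, a JdbcTemplate bean, and a hypothetical table page_roles(url_pattern, role); it denies any URL that has no matching rule.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.FilterInvocation;
import org.springframework.util.AntPathMatcher;

public class DbAccessDecisionManager implements AccessDecisionManager {
    // Hypothetical table (assumption): page_roles(url_pattern VARCHAR, role VARCHAR)
    private static final String RULES_SQL = "SELECT url_pattern, role FROM page_roles";
    private final JdbcTemplate jdbc;
    private final AntPathMatcher matcher = new AntPathMatcher();

    public DbAccessDecisionManager(JdbcTemplate jdbc) { this.jdbc = jdbc; }

    @Override
    public void decide(Authentication auth, Object object, Collection<ConfigAttribute> attrs) {
        // getRequestUrl() includes the query string; match on the path only.
        String url = ((FilterInvocation) object).getRequestUrl();
        int q = url.indexOf('?');
        String path = (q >= 0) ? url.substring(0, q) : url;

        Set<String> held = new HashSet<>();
        for (GrantedAuthority ga : auth.getAuthorities()) {
            held.add(ga.getAuthority());
        }
        // Rules are read on every request so edits take effect without a redeploy;
        // add a short-lived cache here if the query becomes a bottleneck.
        for (Map<String, Object> row : jdbc.queryForList(RULES_SQL)) {
            boolean applies = matcher.match((String) row.get("url_pattern"), path);
            if (applies && held.contains((String) row.get("role"))) {
                return; // a rule for this page names a role the user holds
            }
        }
        // Fail closed: no rule for the page, or no held role matches, means denied.
        throw new AccessDeniedException("No role grants access to " + path);
    }

    @Override
    public boolean supports(ConfigAttribute attribute) { return true; }

    @Override
    public boolean supports(Class<?> clazz) { return FilterInvocation.class.isAssignableFrom(clazz); }
}
```

The security interceptor only calls decide() for requests that carry at least one configured attribute, so the XML still needs a catch-all intercept-url entry for the database rules to be consulted on every page.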