I’m trying to set up role-based Security with permissions. I’m trying to do this together with Spring-Security.
I don’t want to set up ACL as it seems it’s an overkill for my requirements.
I just want to have simple permissions and roles as described in this article.
Unfortunately the article does not describe how to implement the given solution.
Has someone already tried this and can point me in the right direction? Maybe there is another blog entry that describes the implementation?
Thank you very much.
To implement that, it seems that you have to:
org.springframework.security.authentication.ProviderManager and configure it (set its providers) to a custom org.springframework.security.authentication.AuthenticationProvider. This last one should return on its authenticate method an Authentication, which should be set with the org.springframework.security.core.GrantedAuthority, in your case, all the permissions for the given user.
The trick in that article is to have roles assigned to users, but, to set the permissions for those roles in the Authentication.authorities object.
For that I advise you to read the API, and see if you can extend some basic ProviderManager and AuthenticationProvider instead of implementing everything. I’ve done that with org.springframework.security.ldap.authentication.LdapAuthenticationProvider setting a custom LdapAuthoritiesPopulator, that would retrieve the correct roles for the user.
Hope this time I got what you are looking for.
Good luck.
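A sketch of the provider the answer describes, added here as an example and not taken from the answer or the linked article: roles stay on the user, but the authorities placed on the returned Authentication are the permissions those roles grant. The `AccountStore` interface, its method names and the sample role and permission names are hypothetical.

```java
import java.util.*;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.crypto.password.PasswordEncoder;

public class RolePermissionAuthenticationProvider implements AuthenticationProvider {
    /** Hypothetical lookup interface; back it with your own user, role and permission tables. */
    public interface AccountStore {
        String passwordHash(String username);   // null if the user is unknown
        Set<String> rolesOf(String username);   // e.g. "EDITOR" (constructed sample name)
        Set<String> permissionsOf(String role); // e.g. "ARTICLE_WRITE" (constructed sample name)
    }

    private final AccountStore store;
    private final PasswordEncoder encoder;

    public RolePermissionAuthenticationProvider(AccountStore store, PasswordEncoder encoder) {
        this.store = store;
        this.encoder = encoder;
    }

    @Override
    public Authentication authenticate(Authentication authentication) {
        String username = authentication.getName();
        String presented = String.valueOf(authentication.getCredentials());
        String hash = store.passwordHash(username);
        // Same exception and message for an unknown user and for a wrong password.
        if (hash == null || !encoder.matches(presented, hash)) {
            throw new BadCredentialsException("Bad credentials");
        }
        // Roles are only an indirection: the authorities handed to Spring are the permissions.
        Set<GrantedAuthority> authorities = new LinkedHashSet<>();
        for (String role : store.rolesOf(username)) {
            for (String permission : store.permissionsOf(role)) {
                authorities.add(new SimpleGrantedAuthority(permission));
            }
        }
        // The three-argument constructor yields an authenticated token; the password is not kept.
        return new UsernamePasswordAuthenticationToken(username, null, authorities);
    }

    @Override
    public boolean supports(Class<?> authenticationType) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authenticationType);
    }
}
```

Set this provider on the ProviderManager as the answer suggests; access rules can then test a permission directly, for example with `hasAuthority('ARTICLE_WRITE')`.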