Thursday, April 11, 2013

Spring Security

In general, to set up Spring Security in a web framework:
1. Add the DelegatingFilterProxy entry in web.xml.
2. Add a Spring listener to restrict role-wise access in security-context.xml.
3. To support role-wise access, implement the Spring user details service (UserDetailsService).
4. In the user details service, override loadUserByUsername to populate the Spring UserDetails with the user and permission details. Spring internally updates the session with the UserDetails.
5. Method-level security: use annotations to restrict users from accessing a method.

Supportive XML configuration for point 1:
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>


  

Supportive XML configuration for point 2:
          class="com.bt.hqn.security.util.CustomUserDetailsServiceWrapper"
          p:roleHierarchy-ref="roleHierarchy"        
          p:sessionFactory-ref="mySqlSessionFactory">com.bt.hqn.security.util.CustomUser               
           

       
To restrict URL access by role, so that only authenticated users with the required role can reach a URL, add the entry below:


Restrict users from accessing the website:
To keep unauthorised users out of the website, we can use the DelegatingFilterProxy. This filter listens for login/logout requests and processes them accordingly. It also catches AccessDeniedException and redirects the user to the login page.


Method level security:
<global-method-security
    secured-annotations="enabled" 
    jsr250-annotations="disabled"
    pre-post-annotations="disabled">        
</global-method-security>
 
  • @Secured("ROLE_USER")
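
A sketch of steps 3 to 5 in Java, added here as an example and not the post's own code. InMemoryUserDetailsService and ReportService are hypothetical names, the account map is constructed sample data standing in for the database lookup, and the password values are placeholders for stored hashes.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Hypothetical stand-in for the custom user details service bean (steps 3 and 4).
class InMemoryUserDetailsService implements UserDetailsService {
    // Constructed sample data: username -> { stored password hash, role, role, ... }.
    // A real implementation would read this from the user table instead.
    private final Map<String, String[]> accounts = new HashMap<String, String[]>();

    public InMemoryUserDetailsService() {
        accounts.put("alice", new String[] {"<hash-placeholder>", "ROLE_USER"});
        accounts.put("bob", new String[] {"<hash-placeholder>", "ROLE_USER", "ROLE_ADMIN"});
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        String[] record = accounts.get(username);
        if (record == null) {
            // The contract forbids returning null for an unknown user.
            throw new UsernameNotFoundException("No such user: " + username);
        }
        // Every entry after the password hash becomes a granted authority (role).
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (int i = 1; i < record.length; i++) {
            authorities.add(new SimpleGrantedAuthority(record[i]));
        }
        return new User(username, record[0], authorities);
    }
}

// Hypothetical service bean showing method-level security (step 5).
class ReportService {
    @Secured("ROLE_USER")   // alice and bob may call this
    public String viewReport() { return "report"; }

    @Secured("ROLE_ADMIN")  // only bob holds ROLE_ADMIN
    public String deleteReport(long id) { return "deleted " + id; }
}
```

@Secured is enforced only on calls that go through the Spring proxy of a bean defined in the same application context as global-method-security, so a secured method invoked on `this` from inside the same class is not checked.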
  
 
 
 

