Spring Security

In general to handle the spring security in webframework
1. Add the entry DelegatingFilterProxyin web.xml
2. Add a spring listener to restrict the rolewise access in security-context.xm.
3. To support role wise access we need to implement spring user detail service (UserDetailsService)
4. In the spring user service we need to override the  loadUserByUsername where we need to update the spring UserDetails with user and permission details. Spring internaly update the session with the UserDetails
5. Method level security - We can use anotation to restrict the user from accessing the method

Supportive XML configuration for point 1:

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

  

Supportive XML configuration for point 2:
          class="com.bt.hqn.security.util.CustomUserDetailsServiceWrapper"
          p:roleHierarchy-ref="roleHierarchy"        
          p:sessionFactory-ref="mySqlSessionFactory">com.bt.hqn.security.util.CustomUser               
           
        To restrict the user only with certain authentication access the url with role wise acces add below entry


Restrict user from accessing the website:
To restrict the website from unauthorised user we can use Deligating Filter Proxy. This filter will listen for login/logout requests and process them accordingly. It will also catch AccesDeniedExceptions and redirect the user to the login page.

Method level security:

<global-method-security
    secured-annotations="enabled" 
    jsr250-annotations="disabled"
    pre-post-annotations="disabled">        
</global-method-security>

• @Secured("ROLE_USER")

 

Difference Between Command Patter & Strategic patter is nothing but difference between instance variable and local variable.

Difference Between Command Patter & Strategic patter is nothing but difference between instance variable and local variable.

Command Patter: We need to use the command patter when client need to process a task(execute) for an command object where which command need to be executed is decided during runtime. Here Command Object is the instance variable.

Strategic Patter: Strategic patter is used when client execute certain task by the strategic class using the local variable. If we are configuring the context as singletom for the service class then we need to use Strategic patter.
[12:19:31 PM] Bala Thiruppathy: In Sudo-Code: Command Patter:

Public CommandImp{
  public void execute(){
   ---
   --
  }

}

Public StrategicImp{
  public void Fun1(FormVO obj){
   ---
   --
  }

}