Userid for authorization, instead of Role and few more questions

Printable View

Jan 23rd, 2012, 12:15 PM
kulkarni_ash

Userid for authorization, instead of Role and few more questions
I have few questions, if you can answer any would be great help
1. I have configured LDAP to do authentication, and i am able to load the roles and authorize pattern by ROLES, i would like to know if i can add ROLES and user id for authorization for example, in below code /displayMyData will be available for all users in ROLE ROLE_ROLEADMINS, but i would like to make it available for a particular user id MYUSERID, so i dont want him to add to this ROLE, but give access to only 1 function, is it possible to do so, and if yes HOW?
  
  HTML Code:
  
  <http use-expressions="true"> <intercept-url pattern="/" access="isAuthenticated()" /> <intercept-url pattern="/displayMyData" access="hasRole('ROLE_ROLEADMINS')" /> <form-login /> </http>
1. Can I get all the roles from a database table, instead of hard coding them in XML file
1. I can print user name on JSP page using tag <security:authentication property="principal.username"/>
  Is there any tag to print all the roles on JSP page for the logged in user for testing purpose
1. How can i access LDAP context and user id in controller class so i read more properties or do some function after user logs in,
1. Does logout invalidate session?
Jan 23rd, 2012, 02:53 PM
Rob Winch

I have answered some of the less obvious questions, but I recommend you try reading the reference for the ones I did not respond to as it covers these questions.

Quote:

Originally Posted by kulkarni_ash

i would like to make it available for a particular user id MYUSERID, so i dont want him to add to this ROLE, but give access to only 1 function, is it possible to do so, and if yes HOW?

The WebSecurityExpression root shows what is available for the access attribute. WebSecurityExpression exposes a request property that is a HttpServletRequest object that can be used to access the current username. Since the username is populated as the HttpServletRequest.getRemoteUser(). You can do the following...

Code:

<http use-expressions="true"> <intercept-url pattern="/" access="isAuthenticated()" /> <intercept-url pattern="/displayMyData" access="request.remoteUser == 'admin'" /> <form-login /> </http>

Quote:

Originally Posted by kulkarni_ash

I can print user name on JSP page using tag <security:authentication property="principal.username"/>
Is there any tag to print all the roles on JSP page for the logged in user for testing purpose

The authentication tag accesses the current Authentication object, so yes.
Jan 23rd, 2012, 09:43 PM
kulkarni_ash

Thanks for the response, i got request.remoteUser working, as well as able to get all the roles printed in jsp page,
Got logout working by adding invalidate-session="true", so it answered most of questions, but one thing i am not able to figure out is how to define roles in a database table instead of XML file,
For example suppose i have interceptor-url as below, then i am hardcoding ROLE_ROLETRSADMINS or guitest1 in XML file, i would rather like to read those values from a database table, so i can change them in database without touching XML file

Code:

<intercept-url pattern="/displayAirportTiles" access="hasAnyRole('ROLE_ROLETRSADMINS') or request.remoteUser == 'guitest1'" />
Jan 23rd, 2012, 10:01 PM
Rob Winch

It is mentioned a number of times in the reference. Please try searching for database (better yet read it). It may be easier for you to use the single page http://static.springsource.org/sprin...ty-single.html