I always have a Struts Action associated a Service for the business logic and persistence. Hence I will use some interceptors to restrain security with the Service layer.
Now I have a new project,...
Type: Posts; User: DanielYWoo; Keyword(s):
Security Discussion: Where to intercept?
I always have a Struts Action associated a Service for the business logic and persistence. Hence I will use some interceptors to restrain security with the Service layer.
Now I have a new project,...
Appreciate your help, I will take a look at the...
Appreciate your help, I will take a look at the article you mentioned, I guess it's http://server.denksoft.com/wordpress/?page_id=5
>>>>another way you might consider thinking about is to remove...
>>ROLE_PROJECT_MANAGER
>>ROLE_PROJECT_USER
I...
>>ROLE_PROJECT_MANAGER
>>ROLE_PROJECT_USER
I need to dynamically create roles by the system administrator. Once a Role is created it can be used in all projects and has the same permissions....
another solution
I had read them through, but I didn't figure a way to do that.
I have another solution as below.
A User has ProjectAuthority(s), each ProjectAuthority is a collection of Role(s) for a specific...
Role based + domain object security
We are starting to develop a project management tool with the security model as below, it seems Spring Security cannot make it.
1. A User has Permissions and Roles, and a Role is a collection of...
I submitted an CR for you, pls evaluate it :-)...
I submitted an CR for you, pls evaluate it :-)
http://jira.springframework.org/browse/SEC-1100
Thanks for you reply, I also found this in Spring...
Thanks for you reply, I also found this in Spring doc, but for 403, it seems that we can only specify a page, it's not allowed to replace the accessDeniedhandler
see ...
I solved half of this issue.
I think for 401...
I solved half of this issue.
I think for 401 unauthorized URLs, I can replace the "authenticationEntryPoint" in ExceptionTranslationFilter with name space configuration this way:
<security:http...
I want to inject my own authenticationEntryPoint...
I want to inject my own authenticationEntryPoint (redirect to login page for UI URL, send error 401 for web service URL) and accessDeniedHandler(redirect to 'access-denied-page' for UI URL, send...
Process 401/403 differently according to URLs
I have three types of URLs to be protected:
UI - /ui/**
RESTful Web Service - /ws/rest/**
SOAP Web Service - /ws/soap/**
For UI URLs, if a user is not authenticated, I want it to be redirected...
I am such a fool
I am such a fool
Sorry I did not express what I mean, I know the...
Sorry I did not express what I mean, I know the purpose of ROLE_ and IS_, but I don't know what's the abbreviation of IS_ :-)
so what does IS_ mean?
I still don't know what does IS mean even reader through the guide