Spring web flow + spring security with custom permissions

**ramlael** · Jan 31st, 2011, 04:26 AM

My application implementation uses custom authentication filters to add custom permissions to the granted authorities of the user like PERMISSION_READ, PERMISSION UPDATE etc. In web flow the secured attributes tag - <secured attributes="" /> always considers the attributes which is defined in the access parameter in the security context.xml .. for example <http auto-config="false" access-denied-page ="xxx.jsp" entry-point-ref=".....">
<intercept-url pattern="/**" access="ROLE_ADMIN" />
</http>
i.e Only <secured attributes="ROLE_ADMIN" /> works fine, if i give <secured attributes="PERMISSION_READ" />always access is denied.
Please suggest as to how the custom defined permissions can be used in web flow?

Thank you,
Rambabu

**Luke Taylor** · Jan 31st, 2011, 06:30 AM

Check this FAQ.

Thread: Spring web flow + spring security with custom permissions

Thread Tools

Display

Spring web flow + spring security with custom permissions

Posting Permissions