Jan 31st, 2011, 04:26 AM
Spring web flow + spring security with custom permissions
My application implementation uses custom authentication filters to add custom permissions to the granted authorities of the user like PERMISSION_READ, PERMISSION UPDATE etc. In web flow the secured attributes tag - <secured attributes="" /> always considers the attributes which is defined in the access parameter in the security context.xml .. for example <http auto-config="false" access-denied-page ="xxx.jsp" entry-point-ref=".....">
<intercept-url pattern="/**" access="ROLE_ADMIN" />
i.e Only <secured attributes="ROLE_ADMIN" /> works fine, if i give <secured attributes="PERMISSION_READ" />always access is denied.
Please suggest as to how the custom defined permissions can be used in web flow?
Jan 31st, 2011, 06:30 AM