security in spring

[gohanz]

hi,

how do i able to get what commands that a user can access according to its roles ? i'm using jdbc authentication

thanks ...

[Ben Alex]

Take a look at the Petclinic Rich Client sample which shows how to integrate with Acegi Security.

Once authentication has happened, you can access the list of granted authorities from anywhere in the application via:

((SecureContext) ContextHolder.getContext()).getAuthentication().ge tAuthorities()

[gohanz]

thanks for the answer ...

((SecureContext) ContextHolder.getContext()).getAuthentication().ge tAuthorities()

i already do that. i make that call in the advisor, on method onWindowOpened ... but i get a null pointer exception ...
i put it in the advisor, because i want to set enabled/disabled the toolbar/menubar for different roles.

where should i make the call so it won't be null pointer again? =)

thanks again ...

[Ben Alex]

The Rich Client code that sets up the ContextHolder is org.springframework.richclient.security.SessionDet ails, as per the Petclinic sample. Although you are free to set it up however you like - it's just a ThreadLocal with Authentication populated via the Acegi Security net.sf.acegisecurity.provider.rcp package.

[adepue]

What would be cool is a way to declaratively restrict access to UI commands/objects using Acegi and then have the UI automatically respond to these restrictions visually. The developer could choose from different response strategies: disable the command (buttons, menus, etc, will be grayed out), remove the command (it just won't show up), and others...
Declarative security at the form level would be nice too (both for an entire form and also for individual properties/field).
Hhhmmm.. not sure off the top of my head what form all this would take.

- Andy

[Ben Alex]

I agree with you re the command buttons, although I haven't had a chance to look at it for a while and the command structure and lifecycle were being refactored around the time security was added to Spring Rich, which is why it wasn't done back then. Things have settled down a lot since, so it's now just a question of getting time.