
Thread: spring security without DelegatingFilterProxy

  1. #1

    spring security without DelegatingFilterProxy

    Hi, I am new to Spring Security. All the examples that I have gone through use DelegatingFilterProxy, so that Spring Security sits between the user and the application. Is it possible to let the application decide with which parameters to call Spring Security? For example, the controller decides which actions are associated with the URL, calls the security layer to authenticate/authorize, and then passes them to the business layer.

  2. #2

    A lot of things can be done in your controller, but protecting resources based upon the URL is much better off in a Filter since it can intercept any request. Can I ask what you are trying to accomplish?
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal

  3. #3

    1. Suppose the actions associated with the URL are not explicit. For example, a URL request creates object A, but it can be created only if its parent exists and the user does not have permission to create the parent.
    2. Also, it creates a dependency on URL naming. Suppose there are two applications, one using REST and the other normal Struts-type URLs. If both are trying to do the same actions, then a common security service can be used to protect both of them.
    3. Eventually security would be about allowing/denying a user from doing some action on protected objects. What if the URL does not give us that information explicitly and we need to do some pre/post processing of the URL?

  4. #4

    Need urgent help

    Can anyone please help me with this question?

  5. #5

    Originally posted by dineshpathak:
    1. Suppose the actions associated with the URL are not explicit. For example, a URL request creates object A, but it can be created only if its parent exists and the user does not have permission to create the parent.
    2. Also, it creates a dependency on URL naming. Suppose there are two applications, one using REST and the other normal Struts-type URLs. If both are trying to do the same actions, then a common security service can be used to protect both of them.
    3. Eventually security would be about allowing/denying a user from doing some action on protected objects. What if the URL does not give us that information explicitly and we need to do some pre/post processing of the URL?

    This sounds to me like you may want to take a look at global method security.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
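
A sketch of what the global method security suggested in post #5 could look like for the "create a child only with permission on its parent" case from post #3. This is an added example, not code from the thread or from the Spring Security project; `ChildService`, `ParentPermissionEvaluator`, the `PARENT`/`ADD_CHILD` names and the authority naming scheme are hypothetical.

```java
import java.io.Serializable;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Service;

// Enables @PreAuthorize on beans; no URL patterns are involved in this check.
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        handler.setPermissionEvaluator(new ParentPermissionEvaluator());
        return handler;
    }
}

// Hypothetical evaluator: a permission is a granted authority named "<TYPE>_<id>_<PERMISSION>".
class ParentPermissionEvaluator implements PermissionEvaluator {
    @Override
    public boolean hasPermission(Authentication auth, Object target, Object permission) {
        return false; // object-based checks are not used here, so deny
    }
    @Override
    public boolean hasPermission(Authentication auth, Serializable id, String type, Object permission) {
        if (auth == null || !auth.isAuthenticated()) {
            return false;
        }
        String needed = type + "_" + id + "_" + permission;
        return auth.getAuthorities().stream().anyMatch(a -> needed.equals(a.getAuthority()));
    }
}

// Hypothetical shared service, called by both the REST controller and the Struts action.
@Service
class ChildService {
    // Creating a child requires ADD_CHILD on the parent, whatever URL the request came in on.
    // #parentId resolves only if parameter names are compiled in (debug info or -parameters).
    @PreAuthorize("hasPermission(#parentId, 'PARENT', 'ADD_CHILD')")
    public String createChild(long parentId, String name) {
        return "child of " + parentId + ": " + name; // placeholder for the real business logic
    }
}
```

Method security reads the caller's `Authentication` from `SecurityContextHolder`, so something upstream (the filter chain or the application's own login code) still has to populate it before `createChild` is invoked.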
