Thread: Userid for authorization, instead of Role and few more questions

  1. #1

    Userid for authorization, instead of Role and few more questions

    I have a few questions; if you can answer any, it would be a great help.

    1. I have configured LDAP to do authentication, and I am able to load the roles and authorize patterns by ROLES. I would like to know if I can use both ROLES and a user id for authorization. For example, in the code below /displayMyData will be available to all users in the role ROLE_ROLEADMINS, but I would like to make it available to a particular user id MYUSERID. I don't want to add him to this ROLE, but give him access to only 1 function. Is it possible to do so, and if yes, HOW?

      HTML Code:
      <http use-expressions="true">
          <intercept-url pattern="/" access="isAuthenticated()" />
          <intercept-url pattern="/displayMyData" access="hasRole('ROLE_ROLEADMINS')" />
          <form-login />
      </http>

    2. Can I get all the roles from a database table, instead of hard-coding them in the XML file?

    3. I can print the user name on a JSP page using the tag <security:authentication property="principal.username"/>
      Is there any tag to print all the roles on the JSP page for the logged-in user, for testing purposes?

    4. How can I access the LDAP context and user id in a controller class so I can read more properties or do some function after the user logs in?

    5. Does logout invalidate the session?

  2. #2

    I have answered some of the less obvious questions, but I recommend you try reading the reference for the ones I did not respond to as it covers these questions.

    Originally posted by kulkarni_ash:
    I would like to make it available for a particular user id MYUSERID, so I don't want to add him to this ROLE, but give access to only 1 function. Is it possible to do so, and if yes, HOW?
    The WebSecurityExpression root shows what is available for the access attribute. WebSecurityExpression exposes a request property that is a HttpServletRequest object that can be used to access the current username. Since the username is populated as the HttpServletRequest.getRemoteUser(), you can do the following...

    Code:
    <http use-expressions="true">
        <intercept-url pattern="/" access="isAuthenticated()" />
        <intercept-url pattern="/displayMyData" access="request.remoteUser == 'admin'" />
        <form-login />
    </http>

    Originally posted by kulkarni_ash:
    I can print the user name on a JSP page using the tag <security:authentication property="principal.username"/>
    Is there any tag to print all the roles on the JSP page for the logged-in user, for testing purposes?
    The authentication tag accesses the current Authentication object, so yes.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal

  3. #3

    Thanks for the response. I got request.remoteUser working, and I am also able to get all the roles printed in the JSP page.
    I got logout working by adding invalidate-session="true", so it answered most of my questions, but one thing I am not able to figure out is how to define roles in a database table instead of the XML file.
    For example, suppose I have an intercept-url as below; then I am hardcoding ROLE_ROLETRSADMINS or guitest1 in the XML file. I would rather read those values from a database table, so I can change them in the database without touching the XML file.

    Code:
    <intercept-url pattern="/displayAirportTiles" access="hasAnyRole('ROLE_ROLETRSADMINS') or request.remoteUser == 'guitest1'" />

  4. #4

    It is mentioned a number of times in the reference. Please try searching for database (better yet read it). It may be easier for you to use the single page http://static.springsource.org/sprin...ty-single.html
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
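
One way to keep individual user ids out of the XML, added here as an example and not part of the thread or of Spring Security's own code: store per-user grants in a database table and merge them into the authorities loaded from LDAP, so the `intercept-url` rule only ever names roles. It assumes Spring Security 3.1 or later, a hypothetical table `user_extra_authority(username, authority)`, and that an instance of this hypothetical class is passed to the `LdapAuthenticationProvider` constructor in place of the existing populator.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.sql.DataSource;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

/**
 * Added example: merges the roles loaded from LDAP with per-user authorities
 * read from a database table (hypothetical schema:
 * user_extra_authority(username, authority)).
 */
public class DbBackedAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    // Hypothetical table; the bind parameter keeps the username out of the SQL text.
    private static final String EXTRA_SQL =
        "SELECT authority FROM user_extra_authority WHERE username = ?";

    private final LdapAuthoritiesPopulator ldapRoles; // the existing LDAP group lookup
    private final JdbcTemplate jdbc;

    public DbBackedAuthoritiesPopulator(LdapAuthoritiesPopulator ldapRoles,
                                        DataSource dataSource) {
        this.ldapRoles = ldapRoles;
        this.jdbc = new JdbcTemplate(dataSource);
    }

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        // Start from whatever the LDAP populator grants (e.g. ROLE_ROLEADMINS).
        List<GrantedAuthority> result = new ArrayList<GrantedAuthority>(
            ldapRoles.getGrantedAuthorities(userData, username));
        // Add the fine-grained grants for this one user; no rows means no extras.
        for (String authority : jdbc.queryForList(EXTRA_SQL, String.class, username)) {
            if (authority != null && !authority.trim().isEmpty()) {
                result.add(new SimpleGrantedAuthority(authority.trim()));
            }
        }
        return result;
    }
}
```

With a row such as (`MYUSERID`, `ROLE_DISPLAY_MY_DATA`) in that table, where the authority name is a constructed placeholder, the rule can read `access="hasAnyRole('ROLE_ROLEADMINS','ROLE_DISPLAY_MY_DATA')"`, and granting or revoking the single function becomes a database change that takes effect at the user's next login.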
