Custom objectDefinitionSource for FilterSecurityInterceptor

[fossil]

Problem:
Custom objectDefinitionSource for FilterSecurityInterceptor!

Want to replace:

Code:

                        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                        PATTERN_TYPE_APACHE_ANT
                            /secure/**=ROLE_SUPERVISOR,ROLE_TELLER
                            /test/**=ROLE_TELLER
                            /*.do?*=ROLE_SUPERVISOR,ROLE_TELLER
                            /*.do=ROLE_SUPERVISOR,ROLE_TELLER

With a bean where I can set this attributes dynamically. At least where I can Decide witch kind of role we are going to set. This because we want to at some roles in our application.

We did it already with the UserDetails, we get our user info + role en the permissions that belong to those roles. So we can change roles and permissions.

But we don't know how to create our own objectDefinitionSource.

Í've created my own objectDefinitionSource class that implements FilterInvocationDefinitionSource.

But it needs to befilled with Cponfig Attributes ......etc.....

Doesn't work can somebody kick us in to the right direction.??!!

[fossil]

Fixed turned out I was looking in the wrong direction.

My object is now extending PathBasedFilterInvocationDefinitionMap.

This is were I use addSecureUrl.

Finally I made a bean of it setting the property

Code:

<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager"><ref local="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
        <property name="objectDefinitionSource"><ref local="myObjectDefinitionSource"/></property>
    </bean>
	
	<bean id="myObjectDefinitionSource" class="com.thefactore.security.FFObjectDefinitionSource">
		<property name="itemDAO"><ref bean="itemDAO"/></property>
	</bean>

[Ben Alex]

Exactly, that's the way you do it.

[pisiyan]

I had the same problem and I used a class MyPathBasedFilterInvocationDefinitionMap which extends PathBasedFilterInvocationDefinitionMap. Bu I wonder where
addSecurlUrl() method can be called. I called it from
the constructor of MyPathBasedFilterInvocationDefinitionMap
but it did not seem smart to me. Any suggestions?

Thanks...

[xstevens]

I have the same question. Where should I initialize my filter definition source map? Any help on this would be great.

Thanks,

-Xavier

[tusharm]

I had a similar requirement where the URLs and their authorizations were stored in an XML file.

I extended FilterInvocationDefinitionSource and added an instance of PathBasedFilterInvocationDefinitionMap as a delegate. The ctor of this class read the XML data thru a DAO and called addSecureUrl().

Code:

public class XmlDefinitionSource implements FilterInvocationDefinitionSource {

    /**
     * Underlying objectDefinitionSource object
     */
    private PathBasedFilterInvocationDefinitionMap delegate = null;
    
    
    /**
     * Creates a proxy to a PathBasedFilterInvocationDefinitionMap to delegate calls.
     * Initializations of the delegate is done here.
     * 
     * @param authManager DAO handling URL/auth mappings
     * @throws DAOException 
     */
    public XmlDefinitionSource( RoleAuthorizationManager authManager ) throws DAOException {
        
        delegate = new PathBasedFilterInvocationDefinitionMap();
        
        // all URLs should be converted to lowercase before mapping
        delegate.setConvertUrlToLowercaseBeforeComparison( true );
        
        // read from XML and populate ConfigAttributeDefinitions in delegate
        String[] resources = authManager.getResources();
        
        for( int i = 0; i < resources.length; i++ ) {
            
        	String[] roles = authManager.getRolesForResource( resources[i] );
        	
        	// if there are roles registered for this resource
        	if( roles.length != 0 ) {
        		ConfigAttributeDefinition defn = 
        						new ConfigAttributeDefinition();
        		
        		for( int j = 0; j < roles.length; j++ ) {
            		defn.addConfigAttribute( new SecurityConfig(roles[j]) );
        		}
        		
        		delegate.addSecureUrl( resources[i], defn );
        	}
        }
    }
....

Hope this helps.

Rgds

[xstevens]

Thanks for the info. I have a working version now that is using a DB.

cheers,
-Xavier

[geodad]

Hi. I alreay have a working objectDefinitionSource and its loading the data from the DB. My question is: how can I clear de list of secure urls dynamically, so that I would be able to reload them again from the database in case I want to make a change, without restarting the application ? Thanks.