about resources

[Kavita]

As far as my knowledge, we are specifying resources to be secured in config. files (e.g applicationContext.xml) . Is there any way to sepcify resource to secured at runtime , I mean without editing config file. Please correct me if I am thinking wrong.

[karldmoore]

What do you mean by specifying resources at runtime? You want to change the security settings?

You don't have to specify security in the applicationContext, you can use the @Secured annotation.

[Kavita]

Thanks for quick reply.
I just gone thro Reference Guide and I got your point. Please may I know if we can sepcify the resources(which can be URL or method call) to be secured somewhere else instead of specifying it in class(in case of method ) or in config file(in case of URL) like in database as we can specify user role mapping in database. I am very new to ACEGI and Spring concepts. Please correct me if I am thinking in wrong direction.

[Marten Deinum]

In theorie you could, although you would have to provide your own implementation of the needed classes. You could implement a database version of the FilterInvocationDefinitionSource.

I can see a added value for securing/configuring URL's this way, I wonder about configuring method based security this way.

[karldmoore]

Marten beat me to it . I think there was a thread on here a while ago about this. If I remember rightly some code was posted that did exactly that. It was pretty simple though so you could do it yourself. All your doing is populating said class with the security instructions from DB instead of file.

[Marten Deinum]

Marten beat me to it

I'll buy you drink at the next Spring conference we both attend .

I did some searching and found this thread however they did not post a solution, but you might be able to contact them and request for their solution.

This thread has some sample code, although it contains errors (as mentioned in the thread) it should provide you with a way to go.