Yes, something like that. The method to get user details returns important informations like user password, so I want to secure it and authorize only authentication provider to call it.Originally Posted by Luke
Junior Member
Yes, something like that. The method to get user details returns important informations like user password, so I want to secure it and authorize only authentication provider to call it.
Senior Member
Acegi Security System TeamSpring Team
Well, you can configure that kind of thing by running under a SecurityManager, or you could use aspectj. It's not really the kind of thing that Acegi should be doing - more about applying safeguard policies to your development process. If you're actually worried about code-level threats then you will have to do a lot more than just protecting the authentication provider.
Where do you see a threat coming from?
Junior Member
Well, I'm not a security specialist so I don't really know where the threat could come from. But all other methods will be secured (available only for authenticated and authorized users), so I want to do the same with the service method returning userdetails from the database, which is sensible data. Moreover we plan to expose these services methods to final users through business processes they can build with BPEL or something like that. So people who will potentially use these services are not only developers and are not always aware about security issues
Posting Permissions
