Dec 29th, 2008, 12:22 AM
Inferring Authentication Roles on client side with Spring Security
I am using Spring 2.5 , Spring Security 2.0.4 framework along with GWT .
After setting all the appropriate security filters - I was able to complete a JdbcDao based Authentication from the database successfully.
For a given page - say , landingpage.jsp I want the display different content depending on the different roles , say admin and user.
I have designed landing_admin.jsp , landing_user.jsp separately for the same.
From a given page - say landing_default.jsp (after logging in) - I need the code fragment that can automatically redirect to landing_admin.jsp or landing_user.jsp depending on the role of authentication (ROLE_ADMIN or ROLE_USER etc).
How do I get to access the authentication roles on the client side for a Spring Security configuration. Thanks.
Dec 29th, 2008, 12:55 AM
Ok - I am looking at the petclinic example for the above mentioned problem -
I am using the jsp tag library in my application -
My jsp page (after login redirect ) looks as follows.
<%@ taglib prefix="security"
<security:authorize ifAllGranted="ROLE_ADMIN">I am an Admin</security:authorize>
<security:authorize ifAnyGranted="ROLE_USER">I am an User</security:authorize>
I added jstl-1.2.0.jar in WEB-INF/lib of the application to be deployed.
When I try to visit the page - I am getting the following exception:
org.apache.jasper.JasperException: The absolute uri: http://www.springframework.org/security/tags cannot be resolved in either web.xml or the jar files deployed with this application
Any idea what jar needs to be packaged for the identification of the URI.
My ivy.xml looks as follows.
<dependency org="org.springframework" name="org.springframework.spring-library"
rev="2.5.6.A" conf="compile->runtime" />
<dependency org="org.springframework.security" name="org.springframework.security"
rev="2.0.4.A" conf="compile->runtime" />
<dependency org="org.springframework.security" name="org.springframework.security.annotation"
<dependency org="org.aspectj" name="com.springsource.org.aspectj.runtime"
Is there any other dependency that needs to be added.
Dec 29th, 2008, 01:13 AM
Ok - Adding spring security taglibs fixed the error.
<dependency org="org.springframework.security" name="org.springframework.security.taglibs"
May 19th, 2009, 08:31 AM
Spring Security on the client-side
I am currently using spring security and gwt and am attempting to integrate authorization on the client-side and I was wondering if you could help me.
I have successfully secured all the methods on the server-side, but my question is very similar to what you were asking. How do I make the pages look different based on the roles that a user has. So pages look slightly different based on the user list of roles.
What I had in mind at the moment, is to get the client to load up all of the privileges of the user on logging into the system. Then whenever a widget wants to load up another one, it first goes through a Controller which is responsible for checking roles and authorization.
I know the client-side cannot be propery secured, but it's more to reorganise the front-end for users to look correct. The actual authorisation of roles is already happening on the server-side.
Do you have any suggestions of frameworks which would help with this rather than hard-coding all the roles to the client-side?
Any help would be much appreciated.
Tags for this Thread