Thread: Custom tag

  1. #1

    Custom tag

    Hello,

    I want to build an "authorized by link" security tag

    <custom:linkEnforcedAuthorization link="app_link">
    See this message if the current user has access to the given app_link.
    </custom:linkEnforcedAuthorization>

    so if the app_link is defined in security config as below

    <http>
    ...
    <intercept-url pattern="app_link*" access="PRIV_role1,PRIV_admin,..."/>
    ...
    </http>

    Basically I want to make sure that a certain link is displayed only if the user can click on it! In that way I can improve the readability and maintain the code/roles!


    Regards,
    Q

  2. #2
    Luke Taylor, Senior Member (Acegi Security System Team, Spring Team)

    This is already available in the 3.0 codebase.
    Spring - by Pivotal
    twitter @tekul

  3. #3

    I already built it yesterday - is there a simpler way for 2.0.3?

    Code:
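    // Spring Security 2.0.x package names. The remaining types and the log field are not shown in the post.
    import org.springframework.security.AccessDecisionManager;
    import org.springframework.security.Authentication;
    import org.springframework.security.ConfigAttributeDefinition;
    import org.springframework.security.intercept.web.FilterInvocation;
    import org.springframework.security.intercept.web.FilterSecurityInterceptor;

    // Returns true if the configured AccessDecisionManager would let this user request the URL.
    protected boolean canUserAccessURL( Authentication authentication, String url )
    {
      final String FILTER_LIST = "_filterChainList";
      final String ACCESS_DECISION_MANAGER = "accessDecisionManager";

      AccessDecisionManager accessDecisionManager = (AccessDecisionManager)BeanLocator.getBean( ACCESS_DECISION_MANAGER );
      // Wrap the current request so that it reports the link's URL instead of the page's own URL.
      FilterInvocation fi = new FilterInvocation( new URLDrivenHttpServletRequest( getRequest(), url ), getResponse(), new DummyFilterChain() );
      FilterChainList filterChainList = (FilterChainList)BeanLocator.getBean( FILTER_LIST );
      List filters = filterChainList.getFilters();
      for ( int i = 0; i < filters.size(); i++ )
      {
        Object obj = filters.get( i );
        // Only the FilterSecurityInterceptor holds the intercept-url access rules.
        if ( obj instanceof FilterSecurityInterceptor )
        {
          FilterSecurityInterceptor fsi = (FilterSecurityInterceptor)obj;
          // Look up the access attributes configured for this URL.
          ConfigAttributeDefinition attr = fsi.getObjectDefinitionSource().getAttributes( fi );
          try
          {
            // decide() returns normally when access is granted and throws otherwise.
            accessDecisionManager.decide( authentication, fi, attr );
            return true;
          }
          catch( Exception e )
          {
            // Any failure is treated as "no access", so the link stays hidden.
            if ( log.isDebugEnabled() )
            {
              String message = String.format( "Url %s cannot be accessed by user %s. Reason:%s", url, authentication.getPrincipal(), e.getMessage() );
              log.debug( message );
            }
          }
          break;
        }
      }
      return false;
    }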
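
A stand-alone model of the decision such a tag has to make, added here as an example; it is not code from the thread or from Spring Security. The class `LinkAccessModel`, its methods, the simplified `*` matching, the "any one role grants access" rule and the catch-all `PRIV_user` rule are assumptions made for illustration; only the `app_link*` pattern and the `PRIV_role1`/`PRIV_admin` names come from the first post.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Hypothetical stand-alone model of a "show link only if authorized" check; it does not call Spring Security.
public class LinkAccessModel {
    // Ordered like <intercept-url> elements: the first matching pattern decides.
    private final Map<String, List<String>> rules = new LinkedHashMap<String, List<String>>();
    private final boolean allowUnmapped;

    public LinkAccessModel(boolean allowUnmapped) {
        this.allowUnmapped = allowUnmapped;
    }

    public void intercept(String pattern, String... access) {
        rules.put(pattern, Arrays.asList(access));
    }

    // Simplified matching (assumption): a trailing '*' means "starts with".
    private static boolean matches(String pattern, String url) {
        if (pattern.endsWith("*")) {
            return url.startsWith(pattern.substring(0, pattern.length() - 1));
        }
        return pattern.equals(url);
    }

    public boolean canAccess(List<String> grantedRoles, String url) {
        for (Map.Entry<String, List<String>> rule : rules.entrySet()) {
            if (!matches(rule.getKey(), url)) continue;
            for (String required : rule.getValue()) {
                if (grantedRoles.contains(required)) {
                    return true;   // assumption: holding any one listed role is enough
                }
            }
            return false;          // first match decides; later rules are never consulted
        }
        return allowUnmapped;      // no rule matched: an explicit policy choice, here fail closed
    }

    public static void main(String[] args) {
        LinkAccessModel model = new LinkAccessModel(false);
        model.intercept("app_link*", "PRIV_role1", "PRIV_admin");  // pattern and roles from the thread
        model.intercept("*", "PRIV_user");                         // constructed catch-all rule
        System.out.println("PRIV_role1 -> app_link?id=7: " + model.canAccess(Arrays.asList("PRIV_role1"), "app_link?id=7"));
        System.out.println("PRIV_user  -> app_link:      " + model.canAccess(Arrays.asList("PRIV_user"), "app_link"));
        System.out.println("PRIV_user  -> other_link:    " + model.canAccess(Arrays.asList("PRIV_user"), "other_link"));
    }
}
```

A check like this only decides what is rendered; the `intercept-url` rule remains the control that enforces access when the URL is actually requested.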
