Hi!!!
I'm new to Roo (and the whole Spring universe).
In my project I need the "ADMIN" to be able to use "Create" and "list", and the "USER" just "list".
I can't just hide it, because the "USER" can access "Create" using the Create URL.
I use "<sec:authorize access="hasRole('ROLE_ADMIN')">" in menu.jspx, but this just hides the link to Create; if I use the URL I can access Create.
Can anybody help me?
My ApplicationContext-security.xml:
Sorry for my English ^^ I can't talk very well eheheheh

Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-3.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <!-- HTTP security configurations -->
    <http auto-config="true" use-expressions="true" access-denied-page="/app/accessDenied">
        <form-login login-processing-url="/static/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
        <logout logout-url="/static/j_spring_security_logout" />

        <!-- Configure these elements to secure URIs in your application -->
        <intercept-url pattern="/album/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/alias**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/artist/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/brand/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/carrier/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/category/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/device/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/deviceconfig/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/frontend/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/frontendgroup/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/frontendinfo/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/genre/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/internaluser/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/manufacturer/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/media/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/mediadata/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/mediainputformat/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/mediainputinstance/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/mediametadata/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/mediaoutputformat/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/mediaoutputinstance/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/mediastatistics/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/mediatype/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/ordertype/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/owner/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/price/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/pricegroup/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/pricerule/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/pricetag/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/region/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/subscriptionoffer/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/subscriptionservice/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/tac/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/theme/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/useragent/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/vipuser/**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/**" access="permitAll" />
    </http>

    <!-- Configure Authentication mechanism -->
    <authentication-manager alias="authenticationManager">
        <!-- SHA-256 values can be produced using 'echo -n your_desired_password | sha256sum' (using normal *nix environments) -->
        <authentication-provider>
            <password-encoder hash="sha-256" />
            <jdbc-user-service data-source-ref="dataSource"
                authorities-by-username-query="select username,authority from users where username=?" />
        </authentication-provider>
    </authentication-manager>
</beans:beans>


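One way to enforce the restriction at the URL layer instead of in the menu, as an added example that is not part of the original post. It shows only the album rules and assumes the scaffolded controllers serve reads over GET and perform create, update and delete over POST, PUT and DELETE; Spring Security applies the first matching intercept-url, so the GET rule has to come before the ADMIN-only rule.

```xml
<!-- Added example, not the poster's configuration.
     Assumption: list/show use GET; create/update/delete use POST, PUT or DELETE. -->
<http auto-config="true" use-expressions="true" access-denied-page="/app/accessDenied">
    <form-login login-processing-url="/static/j_spring_security_check"
                login-page="/login"
                authentication-failure-url="/login?login_error=t" />
    <logout logout-url="/static/j_spring_security_logout" />

    <!-- Before (from the post): every method under /album needs ROLE_ADMIN,
         so ROLE_USER cannot list either.
    <intercept-url pattern="/album/**" access="hasRole('ROLE_ADMIN')" />
    -->

    <!-- After: rules are checked top to bottom and the first match wins. -->

    <!-- 1. Read-only requests: both roles may list and view. -->
    <intercept-url pattern="/album/**" method="GET"
                   access="hasAnyRole('ROLE_ADMIN','ROLE_USER')" />

    <!-- 2. Every other HTTP method on the same path (POST, PUT, DELETE):
            ROLE_ADMIN only. This is the server-side check that hiding
            the menu link with sec:authorize does not provide. -->
    <intercept-url pattern="/album/**" access="hasRole('ROLE_ADMIN')" />

    <!-- The other entity paths from the post follow the same two-rule pattern. -->

    <!-- Catch-all stays last; anything placed after it is never reached. -->
    <intercept-url pattern="/**" access="permitAll" />
</http>
```

Any page served over GET under /album, a form page included, stays readable by ROLE_USER with these rules; it is the state-changing request that the second rule rejects.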
