Implementing Hierarchical Roles in Spring Security


I am trying to implement hierarchical roles in Spring Security and added the following configuration in my XML files as per the Spring Source documentation.

    <bean id="roleHierarchy" class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl">
        <property name="hierarchy">
            <value>
                ROLE_ADMIN > ROLE_PRO
                ROLE_PRO > ROLE_PREMIUM
                ROLE_PREMIUM > ROLE_BASIC
                ROLE_BASIC > ROLE_ANONYMOUS
            </value>
        </property>
    </bean>

    <bean id="roleVoter"
          class="org.springframework.security.access.vote.RoleHierarchyVoter">
        <constructor-arg ref="roleHierarchy"/>
    </bean>

I have tried the above lines, but I am getting access denied while ROLE_ADMIN is trying to access a URL assigned to ROLE_BASIC. Do I need to add anything more than this? I found nothing other than those lines on the Spring site. Also, if you know of any implementation of hierarchical roles, please mention them.

I think you need to register the roleVoter at the AccessDecisionManager. See this answer for an example.


But to be honest, I doubt the Spring hierarchical voter concept, because you need to add a special hierarchical voter everywhere. I prefer another way: I have implemented a custom JdbcDaoImpl that overrides addCustomAuthorities and adds the "normal" roles to the "existing" ones.

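    // JdbcDaoPrivilegesImpl.java
    import java.util.ArrayList;
    import java.util.List;

    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl;

    /**
     * Extension of {@link JdbcDaoImpl} user detail provider that uses a
     * {@link PrivilegesService} to extend the provided authorities.
     */
    public class JdbcDaoPrivilegesImpl extends JdbcDaoImpl {

        private PrivilegesService privilegesService;

        public JdbcDaoPrivilegesImpl(final PrivilegesService privilegesService) {
            this.privilegesService = privilegesService;
        }

        @Override
        protected void addCustomAuthorities(String username, List<GrantedAuthority> authorities) {
            super.addCustomAuthorities(username, authorities);

            // Collect into a separate list first so that authorities is not
            // modified while it is being iterated.
            List<GrantedAuthority> privileges = new ArrayList<GrantedAuthority>();
            for (GrantedAuthority role : authorities) {
                privileges.addAll(privilegesService.getPrivilegesForRole(role));
            }
            authorities.addAll(privileges);
        }
    }

    // PrivilegesService.java
    import java.util.Collection;

    import org.springframework.security.core.GrantedAuthority;

    public interface PrivilegesService {

        Collection<? extends GrantedAuthority> getPrivilegesForRole(GrantedAuthority role);
    }

    // PropertyPrivilegesServiceImpl.java
    import java.util.ArrayList;
    import java.util.Collection;
    import java.util.Collections;
    import java.util.List;
    import java.util.Properties;

    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.GrantedAuthorityImpl;
    import org.springframework.util.StringUtils;

    public class PropertyPrivilegesServiceImpl implements PrivilegesService {

        /**
         * Property based mapping of roles to privileges.
         * Every role is one line, the privileges are comma separated.
         */
        private Properties roleToPrivileges;

        public PropertyPrivilegesServiceImpl(Properties roleToPrivileges) {
            if (roleToPrivileges == null) {
                throw new IllegalArgumentException("roleToPrivileges must not be null");
            }
            this.roleToPrivileges = roleToPrivileges;
        }

        @Override
        public Collection<? extends GrantedAuthority> getPrivilegesForRole(GrantedAuthority role) {
            // Validate the argument (the check has to be on role, not on the field).
            if (role == null) {
                throw new IllegalArgumentException("role must not be null");
            }

            String authority = role.getAuthority();
            if (authority != null) {
                String commaSeparatedPrivileges = roleToPrivileges.getProperty(authority);
                if (commaSeparatedPrivileges != null) {
                    List<GrantedAuthority> privileges = new ArrayList<GrantedAuthority>();
                    for (String privilegeName : StringUtils.commaDelimitedListToSet(commaSeparatedPrivileges)) {
                        // trim() removes the whitespace and line breaks around each entry.
                        // GrantedAuthorityImpl was replaced by SimpleGrantedAuthority in later versions.
                        privileges.add(new GrantedAuthorityImpl(privilegeName.trim()));
                    }
                    return privileges;
                } else {
                    return Collections.emptyList();
                }
            } else {
                return Collections.emptyList();
            }
        }
    }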

Example config:

    <bean id="myUserDetailsService" class="JdbcDaoForUpdatableUsernames">
        <constructor-arg ref="propertyPrivilegesService"/>
        <property name="dataSource" ref="dataSource"/>
        <property name="usersByUsernameQuery" value="select login,encryptedpassword,loginenabled from user where login = ?"/>
        <property name="enableAuthorities" value="true"/>
        <property name="authoritiesByUsernameQuery" value="select u.login, r.securityroles from user u, user2security_roles r where u.login = ? and u.id = r.user_fk;"/>
    </bean>

    <bean id="propertyPrivilegesService" class="PropertyPrivilegesServiceImpl">
        <constructor-arg>
            <props>
                <prop key="ROLE_ADMIN">
                    ROLE_PREMIUM,
                    ROLE_BASIC
                </prop>
                <prop key="ROLE_PREMIUM">
                    ROLE_BASIC
                </prop>
            </props>
        </constructor-arg>
    </bean>
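The registration the answer mentions first (wiring the roleVoter into the AccessDecisionManager), as an added example that is not part of the original question or answer. It assumes Spring Security 3.x with the security namespace and non-expression access attributes; the bean id accessDecisionManager and the URL patterns are hypothetical, and the authentication-manager is assumed to be defined elsewhere.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- The two beans from the question, unchanged. -->
  <bean id="roleHierarchy"
        class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl">
    <property name="hierarchy">
      <value>
        ROLE_ADMIN > ROLE_PRO
        ROLE_PRO > ROLE_PREMIUM
        ROLE_PREMIUM > ROLE_BASIC
        ROLE_BASIC > ROLE_ANONYMOUS
      </value>
    </property>
  </bean>
  <bean id="roleVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter">
    <constructor-arg ref="roleHierarchy"/>
  </bean>

  <!-- If no manager is referenced, the namespace builds its own with a plain
       RoleVoter, which never consults roleHierarchy: ROLE_ADMIN is then
       denied on a ROLE_BASIC URL. -->
  <bean id="accessDecisionManager"
        class="org.springframework.security.access.vote.AffirmativeBased">
    <!-- Spring Security 3.x setter; later versions take the list as a constructor argument. -->
    <property name="decisionVoters">
      <list>
        <ref bean="roleVoter"/>
        <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
      </list>
    </property>
  </bean>

  <!-- Every enforcement point needs the reference; URL patterns are hypothetical. -->
  <security:http auto-config="true" access-decision-manager-ref="accessDecisionManager">
    <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
    <security:intercept-url pattern="/basic/**" access="ROLE_BASIC"/>
  </security:http>
  <security:global-method-security secured-annotations="enabled"
        access-decision-manager-ref="accessDecisionManager"/>
</beans>
```

An enforcement point that omits access-decision-manager-ref falls back to the default voters and ignores the hierarchy, so it is worth testing a ROLE_ADMIN login against both a URL rule and a secured method.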
