
Default accessDecisionManager in FilterSecurityInterceptor

There is a typical configuration example in reference:

Code:
<bean id="filterSecurityInterceptor"
      class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="accessDecisionManager" ref="accessDecisionManager"/>
  <property name="securityMetadataSource">
    <security:filter-security-metadata-source>
      <security:intercept-url pattern="/secure/super/**" access="ROLE_WE_DONT_HAVE"/>
      <security:intercept-url pattern="/secure/**" access="ROLE_SUPERVISOR,ROLE_TELLER"/>
    </security:filter-security-metadata-source>
  </property>
</bean>

The accessDecisionManager property is required there.
But I don't need a custom accessDecisionManager implementation. So how do I set the default accessDecisionManager?

I only need to secure URLs by role and expression-based access control to methods, such as:

Code:
@PreAuthorize("hasRole('ROLE_USER')")
public void create(Contact contact);

Why don't you use namespace-based configuration? Then you won't need to set an AccessDecisionManager.

If you do the Spring beans version, you will have to configure the AccessDecisionManager.

The following configuration should work for you:

Code:
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

  <security:global-method-security
      secured-annotations="enabled" jsr250-annotations="enabled" />

  <security:http auto-config="true">
    <security:intercept-url pattern="/secure/super/**" access="ROLE_WE_DONT_HAVE"/>
    <security:intercept-url pattern="/secure/**" access="ROLE_SUPERVISOR,ROLE_TELLER"/>
  </security:http>

  <security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="daoAuthenticationProvider" />
  </security:authentication-manager>

  <bean id="daoAuthenticationProvider"
        class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <!-- Your properties -->
  </bean>
</beans>

Just assuming you are using a DaoAuthenticationProvider
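
For the bean-style route discussed above, a stock AccessDecisionManager can be declared from the voters that ship with Spring Security. This is an added example, not part of the original posts; it assumes Spring Security 3.0.x, an `authenticationManager` bean defined elsewhere, and that the interceptor is wired into a filter chain elsewhere.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

  <!-- Stock manager: access is granted as soon as one voter grants it. -->
  <bean id="accessDecisionManager"
        class="org.springframework.security.access.vote.AffirmativeBased">
    <!-- Fail closed: deny when every voter abstains. -->
    <property name="allowIfAllAbstainDecisions" value="false"/>
    <property name="decisionVoters">
      <list>
        <!-- Votes on attributes prefixed with ROLE_ -->
        <bean class="org.springframework.security.access.vote.RoleVoter"/>
        <!-- Votes on IS_AUTHENTICATED_FULLY / _REMEMBERED / _ANONYMOUSLY -->
        <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
      </list>
    </property>
  </bean>

  <bean id="filterSecurityInterceptor"
        class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    <!-- Assumption: authenticationManager is defined elsewhere in the context. -->
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="accessDecisionManager"/>
    <property name="securityMetadataSource">
      <security:filter-security-metadata-source>
        <!-- First matching pattern wins, so the narrower path stays on top. -->
        <security:intercept-url pattern="/secure/super/**" access="ROLE_WE_DONT_HAVE"/>
        <security:intercept-url pattern="/secure/**" access="ROLE_SUPERVISOR,ROLE_TELLER"/>
      </security:filter-security-metadata-source>
    </property>
  </bean>

  <!-- @PreAuthorize is only evaluated when pre/post annotations are enabled. -->
  <security:global-method-security pre-post-annotations="enabled"/>
</beans>
```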


Originally Posted by kostepanych

There is a typical configuration example in reference:

Code:
<bean id="filterSecurityInterceptor"
      class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="accessDecisionManager" ref="accessDecisionManager"/>
  <property name="securityMetadataSource">
    <security:filter-security-metadata-source>
      <security:intercept-url pattern="/secure/super/**" access="ROLE_WE_DONT_HAVE"/>
      <security:intercept-url pattern="/secure/**" access="ROLE_SUPERVISOR,ROLE_TELLER"/>
    </security:filter-security-metadata-source>
  </property>
</bean>

The accessDecisionManager property is required there.
But I don't need a custom accessDecisionManager implementation. So how do I set the default accessDecisionManager?

I only need to secure URLs by role and expression-based access control to methods, such as:

Code:
@PreAuthorize("hasRole('ROLE_USER')")
public void create(Contact contact);

I'm just wondering how is this a typical configuration? It seems more of a customized configuration.