Quantcast

Spring Security annotations

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Spring Security annotations

Dru Devore
Is there an annotation available with spring security to specify a logged in user?

Such as
@Secured(['LOGGED_IN'])
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Spring Security annotations

Tom Nichols
Shouldn't there be a group that comprises all users?  Such that
@Secured('ROLE_USERS')
implies that the user is logged in without putting further restriction
on their access.  I suppose it depends on what your underlying
authorization platform is (e.g. LDAP or something else; Grails doesn't
promote a certain auth system does it?)

-Tom


On Thu, Aug 20, 2009 at 1:40 PM, Dru Devore<[hidden email]> wrote:
> Is there an annotation available with spring security to specify a logged in
> user?
>
> Such as
> @Secured(['LOGGED_IN'])
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Spring Security annotations

Dru Devore-3
I am using the spring security implemented in grails with nothing like ldap. Also, an administrator is not necessarily a user I could implement it that way but I haven't. It would be nice if I could create a role hierarchy to do what you mention.

 

On Thu, Aug 20, 2009 at 1:49 PM, Tom Nichols <[hidden email]> wrote:
Shouldn't there be a group that comprises all users?  Such that
@Secured('ROLE_USERS')
implies that the user is logged in without putting further restriction
on their access.  I suppose it depends on what your underlying
authorization platform is (e.g. LDAP or something else; Grails doesn't
promote a certain auth system does it?)

-Tom


On Thu, Aug 20, 2009 at 1:40 PM, Dru Devore<[hidden email]> wrote:
> Is there an annotation available with spring security to specify a logged in
> user?
>
> Such as
> @Secured(['LOGGED_IN'])
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email





--
Dru Devore
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Spring Security annotations

burtbeckwith
Use @Secured(['IS_AUTHENTICATED_REMEMBERED']) to require a logged-in user with any role, or @Secured(['IS_AUTHENTICATED_FULLY']) to require a user logged in via form login and not the remember-me cookie.

Burt

On Thursday 20 August 2009 1:55:58 pm Dru Devore wrote:

> I am using the spring security implemented in grails with nothing like ldap.
> Also, an administrator is not necessarily a user I could implement it that
> way but I haven't. It would be nice if I could create a role hierarchy to do
> what you mention.
>
>
>
> On Thu, Aug 20, 2009 at 1:49 PM, Tom Nichols <[hidden email]> wrote:
>
> > Shouldn't there be a group that comprises all users?  Such that
> > @Secured('ROLE_USERS')
> > implies that the user is logged in without putting further restriction
> > on their access.  I suppose it depends on what your underlying
> > authorization platform is (e.g. LDAP or something else; Grails doesn't
> > promote a certain auth system does it?)
> >
> > -Tom
> >
> >
> > On Thu, Aug 20, 2009 at 1:40 PM, Dru Devore<[hidden email]> wrote:
> > > Is there an annotation available with spring security to specify a logged
> > in
> > > user?
> > >
> > > Such as
> > > @Secured(['LOGGED_IN'])


---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Loading...