Quantcast

Spring Security plugin annotation issue

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Spring Security plugin annotation issue

madansen
hi all..
          is there a way to pass a collection of authorities in the annotation  of an  action for controller like

         i want to configure authorities list  at one place say in an interface where i can collect all the authorites list
 
     then i want use there reference in the annotations of the controller.
  my interface for the authorities collection is some thing like

   public interface ModuleAuthList {

                        def w_BillingPlanAuth = [ 'Admin', 'Cbis_Oprtr', 'w_BPlan',]

                         def r_BillingPlanAuth = [ 'Admin', 'Cbis_Oprtr', 'w_BPlan','r_BPlan',]
                            ............
   }

 now i want to user this authority group in different controllers
like  

@Secured(['IS_AUTHENTICATED_REMEMBERED'])
class HomeController {

   

   @Secured(ModuleAuthList.w_BillingPlanAuth)
   def index = {
          .......  do some codes....
    }

or is there other alternatives ways to collect authorities at one place and use them at other codes stuff in order to prevent redundancy and consistancy issues


thanks in advance!!

Madan Sen
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Spring Security plugin annotation issue

madansen
hi any solution to this
Madan Sen
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Spring Security plugin annotation issue

madansen
In reply to this post by madansen
hi Grails !!
                 still waiting to have the solution
                how can we pass a collection to springsecurity service in controllers annotations
Madan Sen
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Spring Security plugin annotation issue

madansen
still looking for some alternative to pass collection of authorities declared in an interface or groovy class  to spring security wia controllers annotation

any help
thanks in advance
Madan Sen
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Spring Security plugin annotation issue

burtbeckwith

It doesn't seem possible, due to a limitation of annotation values for array types. The rules for valid values for annotations are pretty strict and limiting.

 

Burt 

 


On May 30, 2012 at 2:48 AM madansen <[hidden email]> wrote:

> still looking for some alternative to pass collection of authorities declared
> in an interface or groovy class  to spring security wia controllers
> annotation
>
> any help
> thanks in advance
>
>
> -----
> Madan Sen
> --
> View this message in context: http://grails.1312388.n4.nabble.com/Spring-Security-plugin-annotation-issue-tp4628581p4629190.html
> Sent from the Grails - user mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>     http://xircles.codehaus.org/manage_email
>
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Spring Security plugin annotation issue

madansen
This post was updated on .
Thanks Burt for the reply
                                                so what can we do if a group of controllers have same set of authorities
 do i duplicate the code  to every  annotation
and in future  if i want to restrict some of the roles  in that group of controllers than..
Madan Sen
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Spring Security plugin annotation issue

Hay Tran
"so what can we do if a group of controllers have same set of authorities "

According to this [blog|http://burtbeckwith.com/blog/?cat=20] you should be able to annotate the security rules on a base class and have all your controllers that share the same rules inherit from the same base class.  You can then fine tune the rules on each of the derived classes in the future.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Spring Security plugin annotation issue

burtbeckwith
In reply to this post by madansen
I wrote up a solution here: http://burtbeckwith.com/blog/?p=1398 - let me know if this works for you.

Burt

madansen wrote
Thanks Burt for the reply
                                                so what can we do if a group of controllers have same set of authorities
 do i duplicate the code  to every  annotation
and in future  if i want to restrict some of the roles  in that group of controllers than..
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Spring Security plugin annotation issue

Benjamin Wolff
I have the same problem and I tackled it with another approach. Whenever I have something that requires multiple roles, I create a new "meta-role" that abstracts the collection. The meta-roles do not represent a single role in a database, but are rather just for internal application use.

As an example in your case, your could have the two meta-roles: "ROLE_META_BILLING_PLAN_R" and "ROLE_META_BILLING_PLAN_W"

Now the controller can be annotated with e.g. @Secured("ROLE_META_BILLING_PLAN_W"). The only thing that is necessary, is to hook into the mechanism that populates the roles (authorities) of the used UserDetails object. The logic can be pretty simple. After the regular authorities have been populated, you simply check if all of the necessary authorities are available and then add the respective meta-roles.

The Strings in the @Secured annotation can even be string constants (static final ROLE_META_BILLING_PLAN_R = "..."). However, this sometimes lead to compile error and I have to do a clean/compile cycle to resolve it.

Of course, the necessary meta-roles count could explode fast, depending on the requirements, but its fine for simple cases.

REMARK: It should be kept in mind, that multiple roles in the @Secured annotation are conjunct, meaning that ALL the roles need to be present. Again, this can be circumvented by using suitable meta-roles and adapt the logic to grant this meta roles.

Cheers,
Ben
Cheers,
Ben
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Spring Security plugin annotation issue

madansen
In reply to this post by burtbeckwith
Thanks Burt,
                        It realy help me.
                          And is exactly what i am expecting.  
Madan Sen
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Spring Security plugin annotation issue

madansen
In reply to this post by Benjamin Wolff
i was having different scenario it is not necessary that user is having all these authorities i.e it mightbe possible some of the user is having only single or two auths

Burts blog http://burtbeckwith.com/blog/?p=1398 
had realy helped me
Madan Sen
Loading...