hi all..
Is there a way to pass a collection of authorities in the annotation of an action for a controller? I want to configure the authorities list in one place, say in an interface where I can collect all the authorities lists, and then I want to use their reference in the annotations of the controller.

My interface for the authorities collection is something like:

    public interface ModuleAuthList {
        def w_BillingPlanAuth = [ 'Admin', 'Cbis_Oprtr', 'w_BPlan',]
        def r_BillingPlanAuth = [ 'Admin', 'Cbis_Oprtr', 'w_BPlan','r_BPlan',]
        ............
    }

Now I want to use this authority group in different controllers, like:

    @Secured(['IS_AUTHENTICATED_REMEMBERED'])
    class HomeController {
        @Secured(ModuleAuthList.w_BillingPlanAuth)
        def index = {
            ....... do some codes....
        }

Or are there other alternative ways to collect authorities in one place and use them in other code, in order to prevent redundancy and consistency issues?

Thanks in advance!!
Madan Sen
|
hi any solution to this
Madan Sen
|
In reply to this post by madansen
hi Grails !!
still waiting to have the solution how can we pass a collection to springsecurity service in controllers annotations
Madan Sen
|
still looking for some alternative to pass collection of authorities declared in an interface or groovy class to spring security via controllers annotation
any help thanks in advance
Madan Sen
|
It doesn't seem possible, due to a limitation of annotation values for array types. The rules for valid values for annotations are pretty strict and limiting.
Burt
On May 30, 2012 at 2:48 AM madansen <[hidden email]> wrote:
> still looking for some alternative to pass collection of authorities declared
> in an interface or groovy class to spring security via controllers
> annotation
>
> any help
> thanks in advance
>
> -----
> Madan Sen
|
Thanks Burt for the reply
so what can we do if a group of controllers have same set of authorities? do i duplicate the code to every annotation? and in future if i want to restrict some of the roles in that group of controllers, then..
Madan Sen
|
"so what can we do if a group of controllers have same set of authorities "
According to this blog (http://burtbeckwith.com/blog/?cat=20) you should be able to annotate the security rules on a base class and have all your controllers that share the same rules inherit from the same base class. You can then fine tune the rules on each of the derived classes in the future.
|
In reply to this post by madansen
I wrote up a solution here: http://burtbeckwith.com/blog/?p=1398 - let me know if this works for you.
Burt
|
I have the same problem and I tackled it with another approach. Whenever I have something that requires multiple roles, I create a new "meta-role" that abstracts the collection. The meta-roles do not represent a single role in a database, but are rather just for internal application use.
As an example in your case, you could have the two meta-roles "ROLE_META_BILLING_PLAN_R" and "ROLE_META_BILLING_PLAN_W". Now the controller can be annotated with e.g. @Secured("ROLE_META_BILLING_PLAN_W").

The only thing that is necessary is to hook into the mechanism that populates the roles (authorities) of the used UserDetails object. The logic can be pretty simple. After the regular authorities have been populated, you simply check if all of the necessary authorities are available and then add the respective meta-roles.

The Strings in the @Secured annotation can even be string constants (static final ROLE_META_BILLING_PLAN_R = "..."). However, this sometimes leads to compile errors and I have to do a clean/compile cycle to resolve it. Of course, the necessary meta-roles count could explode fast, depending on the requirements, but it's fine for simple cases.

REMARK: It should be kept in mind that multiple roles in the @Secured annotation are conjunct, meaning that ALL the roles need to be present. Again, this can be circumvented by using suitable meta-roles and adapting the logic to grant these meta-roles.
Cheers,
Ben |
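Added example, not part of Ben's post and not code from the Spring Security plugin: the meta-role expansion he describes, in plain Groovy, generalized with an any-of mode for the case Madan raises later in the thread (a user holding only one or two of the authorities). The class `MetaRoles`, its rule format and the choice of `ANY` for the two billing-plan lists are assumptions; the hook that calls `expand` while the application builds the UserDetails authorities is not shown.

```groovy
// Added example. Authority names come from the question; everything else is hypothetical.
class MetaRoles {
    static final String PREFIX = 'ROLE_META_'
    static final String BILLING_PLAN_R = 'ROLE_META_BILLING_PLAN_R'
    static final String BILLING_PLAN_W = 'ROLE_META_BILLING_PLAN_W'

    // One rule per meta-role: the stored authorities it abstracts, and whether
    // the user needs ALL of them or ANY one of them (assumed rule format).
    static final Map<String, Map> RULES = [
        (BILLING_PLAN_W): [mode: 'ANY', of: ['Admin', 'Cbis_Oprtr', 'w_BPlan']],
        (BILLING_PLAN_R): [mode: 'ANY', of: ['Admin', 'Cbis_Oprtr', 'w_BPlan', 'r_BPlan']],
    ]

    /** Returns the stored authorities plus every meta-role whose rule they satisfy. */
    static Set<String> expand(Collection<String> stored) {
        // Meta-roles are derived only here. Drop any that arrive from storage so
        // a database row named ROLE_META_* cannot grant access on its own.
        Set<String> base = stored.findAll { !it.startsWith(PREFIX) } as Set
        Set<String> result = new LinkedHashSet<String>(base)
        RULES.each { String meta, Map rule ->
            List<String> needed = rule.of
            boolean granted = (rule.mode == 'ALL') ? base.containsAll(needed) : needed.any { it in base }
            if (granted) {
                result << meta
            }
        }
        result
    }
}

// Constructed sample users.
// Read-only user: gets the R meta-role but not W.
assert MetaRoles.expand(['r_BPlan']) == ['r_BPlan', MetaRoles.BILLING_PLAN_R] as Set
// Writer: a single stored authority is enough for both meta-roles in ANY mode.
assert MetaRoles.expand(['w_BPlan']).containsAll([MetaRoles.BILLING_PLAN_R, MetaRoles.BILLING_PLAN_W])
// A stored value that imitates a meta-role is discarded, not trusted.
assert MetaRoles.expand(['ROLE_META_BILLING_PLAN_W']).isEmpty()
```

The controller annotation then references a single compile-time constant, for example `@Secured(MetaRoles.BILLING_PLAN_W)`, and the role lists live only in `RULES`.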
In reply to this post by burtbeckwith
Thanks Burt,
It really helps me. And it is exactly what I am expecting.
Madan Sen
|
In reply to this post by Benjamin Wolff
I was having a different scenario: it is not necessary that the user is having all these authorities, i.e. it might be possible some of the users are having only a single or two auths.
Burt's blog http://burtbeckwith.com/blog/?p=1398 had really helped me
Madan Sen
|