Access Control « Security « Spring Q&A





1. Security framework for java with object granularity    stackoverflow.com

I am looking for a security framework for Java web application with Object granularity. What it means is that I don't just want to filter by urls or by roles, but ...

2. Access control for a services (design decision)    stackoverflow.com

Let's say we have an interface 'IA' for which we have an implementation 'A'. In our application domain, object 'A' never exists without a container object 'X'. So 'A' is never directly ...

3. Does it make sense to use expression-based access control in Spring Security?    stackoverflow.com

I am considering to utilize Expression-Based Access Control from Spring Security 3.0. The documentation says: You can access any of the method arguments by name as expression variables, provided your ...

4. Using Group Based Access Control in Spring security 3.0    stackoverflow.com

I am working with CAS integration with my web application with Spring security 3.0 framework.I created a secured page which will be accessed only if the user has ROLE_SUPERVISOR role.

  1. When using ...

5. Access control using Spring Security in ExtJS client?    stackoverflow.com

I am using Grails 1.3.7, Spring Security Plugin for Grails, and ExtJS 3.3.1. I will have about 20 roles in my app and use static URL rules to secure my controller ...

6. Role based access control for JSF 1.2?    stackoverflow.com

I need suggestions on implementing role based access control in an existing JSF 1.2 application. Here are a few constraints I have:

  1. Stuck with JSF 1.2, cannot upgrade to a higher version
  2. No custom ...

7. Role-based access control with Spring MVC     stackoverflow.com

I would like to know the best practices for the role based access control with spring. My requirements are, I will have set of roles assigned to users say,

user1=admin, ...

8. Access-Control-Allow-Origin in OC4J 10.1.3.1    stackoverflow.com

We're still running our applications on an OC4J 10.1.3.1 container. We recently started developing web services and we noticed that there's a problem when we try to use those web services ...

9. Spring Security - how can I ask invoke access control methods directly?    stackoverflow.com

There's a lot of documentation on how to use jsp tags, aop, annotations, the application context, and all of these sorts of things... but how do I access the access control ...





10. How to provide Field Level security in an application using ExtJS for front and Spring for backend?    stackoverflow.com

I have an application which uses Spring for backend and ExtJs for UI. In this application, users can have variours roles and access rights. When a user logs in and opens a form, ...

11. declarative access control for dynamic URLs depending on a principal's attribute    forum.springsource.org

declarative access control for dynamic URLs depending on a principal's attribute Hi, in my application, a (externally authenticated) user is signed in to one of several "projects". These have urls like ...

12. Role-based access control (RBAC) with Spring    forum.springsource.org

Role-based access control (RBAC) with Spring As another poster has said, this has been posted several times over the years. And still, there is no good answer to the question how ...

13. Bypass access control for admin user    forum.springsource.org

Hi I have implemented method level security using spring annotations: Code: public class GreetServiceImpl implements GreetService{ @Secured({"ROLE_USER"}) public String greet(String username){ ... } @Secured({"ROLE_EDIT_USER"}) public String update(String username, Data data){ ... ...

14. Expression-Based Access Control- use wildcard "ROLE_*"    forum.springsource.org

You can use any attributes you want, but the actual interpretation depends on the AccessDecisionManager and the combination of AccessDecisionVoter instances it is configured with. ROLE_ attributes are typically processed by ...

15. Access Control Strategy    forum.springsource.org

I'm slowly moving my design with no framework to Spring. Everything seems very intuitive, except I don't know how to replace the filters that I have. I used to have all ...

16. How to control behaviour when a user does not have access?    forum.springsource.org

Hey there, Currently, with my usuage of acegi, when a user does not have access to a page (but they are authenticated), a standard HTTP Status 403 - error is displayed. ...





17. JMX and access control    forum.springsource.org

Hi, If you run several web apps inside one server like Tomcat is it possible to give separate JMX access for each web app? Each web app is using Spring (several ...

18. does spring have role based access control?    forum.springsource.org

does spring have role based access control? Hey all, this may not be posted in the correct forum but I didn't know where else to put it. I'm researching RBAC and ...

19. how to do ip access control    forum.springsource.org

Hi there, I wonder to know if it is possible to use acegi security to control which ip address can access my system? I am very new to acegi, and I ...

20. Rule based domain object access control    forum.springsource.org

Rule based domain object access control Hi, we are using most parts of acegi for securing our application (authentication, web request authorisation and method level authorisation) We are now looking at ...

21. Permission based access control    forum.springsource.org

Permission based access control Hi, I am new with Acegi, but I believe is an excellent product. But I want to know if is it possible to make a "PBAC" application. ...

22. database access control- 2 datasources    forum.springsource.org

database access control- 2 datasources Hi , We are having 2 different schemas access, one is regular module level access and other is security db schema. Basically we want to make ...

23. More than One Access Control Policy    forum.springsource.org

Is it possible to have more than one access control policy? Such that the interceptor will check one policy for a particular username and password. If found then that username and ...

24. Acegi access Control doubt?    forum.springsource.org

Acegi access Control doubt? I have integrated cas with acegi and secured my spring application. Usually, we specify the user name and roles in our xml file as follows Code:

25. using Acegi to control access to objects    forum.springsource.org

using Acegi to control access to objects Hi, i'm new to acegi and I'm looking to use it to control access to certain domain objects. I have a question; How exactly ...

26. Access Control Exceptopn :access denied    forum.springsource.org

Access Control Exceptopn :access denied Hi there! I am new to Spring Framework, that's why I have started with the step by step tut that is on this page ( no ...

27. Does Spring Security 2.0.2 support Privilege based Object Access Control ???    forum.springsource.org

Does Spring Security 2.0.2 support Privilege based Object Access Control ??? Reading Spring Security 2.0.2 Reference documentation, it appears to provide mostly Role based Access Control but we have requirement to ...

28. Access Control List design considerations    forum.springsource.org

Access Control List design considerations Hi, Just looking around the various implementations for ACL around domain objects. I see Spring Security offer such implementation, which is quite nice but with a ...

29. Full access control    forum.springsource.org

Hi. I need to find an intelligent and flexible solution for this problem: we have several users with different roles for each existent application soo the objectives are: control user access ...

30. What is the best way to add access control rules?    forum.springsource.org

What is the best way to add access control rules? I created a domain model with roo and would like to add rules to filter data and restrict access depending on ...

31. Show / Hide Controls based on roles / access rights    forum.springsource.org

Show / Hide Controls based on roles / access rights Hi, Is there a common way or design pattern similar to the solution in jsp to show/hide or enable/disable ui components ...

32. ACEGI - Method-based Access Control Error    forum.springsource.org

I followed the samples as given in http://affy.blogspot.com/2005/10/ace...hod-based.html Tried with 'org.acegisecurity.userdetails.memory.InMemoryDaoI mpl' able to run successfully. But when i tried with org.acegisecurity.userdetails.jdbc.JdbcDaoImpl getting fail in one of the method name public ...

33. Access Control in layered approach    forum.springsource.org

Access Control in layered approach All, In general we design J2EE Applications in following layers. Service Layer -> Business Layer -> Resource Layer. Service Layer typically defines the service definitions and ...

34. method access control failed, can anyone help?    forum.springsource.org

method access control failed, can anyone help? I tried to control access for method by following solutions, but none is working, can anyone tell me why? Add @PreAuthorize("hasRole('ROLE_USER')"), and then in ...