permission « Security « Spring Q&A





1. Permissions checking in server-side API    stackoverflow.com

our product is built on a client-server architecture, with the server implemented in Java (we are using POJO's with Spring framework). We have two API levels on the server:

  • the external API, ...

2. Spring Security 2 and FormBean field permissions    stackoverflow.com

Let's say I have a handler in a Spring MVC controller:

@RequestMapping
public String myHandler(Model m, @RequestParam MyEntity entity)
However, MyEntity has several fields, some of which need different permissions to be able to ...

3. spring ACL - principal/SID not as user, but another entity    stackoverflow.com

I am looking into implementing Spring ACL for our project which as very stringent and fine-grained security requirements. I want to know if a certain scenario is possible. Based on Spring's ACL ...

4. Role, Users and Permission Admin Tool    stackoverflow.com

I might be wrong in my assumption, but it seems to me that many of the basic and even complex RBAC based mechanisems will end up needing a UI to create ...

5. Granting permissions in Spring Security ACL    stackoverflow.com

I am using the Spring Security ACL plugin in grails 1.3.7, but my question is probably more generic than that: I would like to allow users who have BasePermission.READ access to ...

6. Spring Security with roles and permissions    stackoverflow.com

I'm trying to set up role-based Security with permissions. I'm trying to do this together with Spring-Security. I don't want to set up ACL as it seems it's an overkill for ...

7. spring-security how ACL grants permissions    stackoverflow.com

I'm currently integrating springs-security into our new web application stack. We will need to be able to grant permissions for a user or role to access a specific object or all ...

8. spring-security writing a custom PermissionEvaluator - how to inject a DAO service?    stackoverflow.com

I'm working with Spring-Security and I need to implement my own PermissionEvaluator (following the answer to my other question. However looking at the standard implementation AclPermissionEvaluator here I ...

9. spring-security: how much customization is wise?    stackoverflow.com

How much custom implementation is wise when it comes to spring security? How optimized is it or what parts are optimized the most and where should one not custom implement unless ...





10. Method Level security with permissions not roles    stackoverflow.com

  • I want to make method level security for my spring application.
  • The security design is as follows: User > Roles > Permissions
  • Well when i use @PreAuthorize with hasRole it works fine.
  • But when ...

11. How to implement permission control in java?    stackoverflow.com

We developed a application, and need to implement permission control, which means someone can only search specific records in database:

  1. staff can only search their own records.
  2. supervisor can ...

12. the role and permission in spring security 3    stackoverflow.com

I am new in ss3,and I have read its reference,also I read the spring security book. However I do not find anything about the role-permission. For example,here is the config for form-based authentication.

 ...

13. Permission noob question    forum.springsource.org

14. Can you define an acl-entry which grants a permission to a ROLE as well as a User?    forum.springsource.org

Yes, you can define acl-entry granting permissions to ROLEs as well as Users. I understand how to use the acl framework to grant a certain permission to a 'user' for a ...

15. ACL domain class permissions    forum.springsource.org

ACL domain class permissions When using ACLs in Spring Security, is there an existing way to grant/deny permissions on a domain class level, rather than only at the object instance level? ...

16. number of ACL permissions for mulitple domain classes?    forum.springsource.org

number of ACL permissions for mulitple domain classes? It looks like ACL is using bitmask to store all permissions for one instance of object. It would an integer in Java and ...





17. Checks multiple permission in one tag.    forum.springsource.org

18. Method Level security with permissions not roles    forum.springsource.org

19. UnanimousBased grand access users without the permission    forum.springsource.org

UnanimousBased grand access users without the permission Users that are register for my web but are not allowed to access one of the webs, they can get in if they are ...

20. OpenSessionInViewFilter and write permission    forum.springsource.org

OpenSessionInViewFilter and write permission I am using OpenSessionInViewFilter with "Open In View" pattern. In order to allow the filter to flush the data to the database I overrode its closeSession() method ...

21. Permission Question    forum.springsource.org

Permission Question Hello there! I have a question that may have been answered some times, but I haven't found it through searching the forum. I'm using Tapestry 4.0 and Spring and ...

22. Implementation of XML based permissions in ACEGI    forum.springsource.org

23. how to dynamic load the permissions ??    forum.springsource.org

I want to extend PathBasedFilterInvocationDefinitionMap to implement loading permission from database. In the application I think two ways to impl this. 1 Use a memory list to record all the change ...

24. Acegi: hierarchical permission check    forum.springsource.org

Acegi: hierarchical permission check Hello! is it possible to check for permission in a hierachical way? (Like the java.security implementation) e.g. I want to check if a user has the permission: ...

25. ACL - Binary encoding of permissions ?    forum.springsource.org

ACL - Binary encoding of permissions ? Hello, I have an interesting problem about ACL for which I'm asking your advice. In my application, I have the necessity (client requirement) to ...

26. deny permission role?    forum.springsource.org

deny permission role? Everything in Acegi seems to be based on the principal of granting permission. Is it ok to deny permission based on a user having a certain role? For ...

27. Ability to create Group-specific (not Role) permissions w/Basic ACL package?    forum.springsource.org

Ability to create Group-specific (not Role) permissions w/Basic ACL package? Does the basic ACL package support the notion of Groups of Users? i.e. is it possible to grant access to a ...

28. security permissions    forum.springsource.org

security permissions I have a spring 2.0 web based application, using AOP, that will be deployed to a pretty well locked down server. In development, we noticed the moment we started ...

29. Bast way to arrange roles, groups and permissions?    forum.springsource.org

Bast way to arrange roles, groups and permissions? We want to use both the method level security and domain object security (ACL) parts of Acegi. However we also need the concept ...

30. Role Hierarchies/Groups/Permissions possible with Acegi?    forum.springsource.org

Hi guys, my question is, are role hierarchies/groups/permission objects possible with Acegi? I need to assign Permissions to specific roles at runtime via a web interface. It was possible with last ...

31. (new)ACLs, Before Invocation, AfterInvocationProviderManager and groups/permissions    forum.springsource.org

Hi, I know, that this has been discussed quite often and I have preused lots posts concerning this subject, yet there are still a few open questions and I'd be really ...

32. catalina permission    forum.springsource.org

Hi, Could you please let me know what is the permission I need to add in catalina.policy for spring.jar to run spring based web application on tomcat? Thanks.

33. catalina permission    forum.springsource.org

Hi, Could you please let me know what is the permission I need to add in catalina.policy for spring.jar to run spring based web application on tomcat? Thanks.

34. Spring File Permissions    forum.springsource.org

Spring File Permissions It looks like spring needs security policy restrictions so that it can write to: _/loader/META-INF/MANIFEST.MF write BeanDefinitionStoreException: Unexpected exception parsing XML document from class path resource [applicationContext.xml]; java.security.AccessControlException: ...

35. acl_permission creation with EJB3/hibernate    forum.springsource.org

acl_permission creation with EJB3/hibernate Hi all, I would like to dynamically manage my tables in my application. I created 2 EJB3 corresponding to the two tables acl_permission and acl_object_identity. I have ...

36. ACL permissions confusion    forum.springsource.org

ACL permissions confusion I'm confused as to how to determine from the acegi documentation what BasePermissions would correspond to what functionality. I see that there are several existing BasePermission constants: ADMINISTRATION ...

37. Permissions using roles    forum.springsource.org

38. Cumulative Permissions    forum.springsource.org

I'm a newbie to Acegi/Spring Security, I was curious what the use case or benefits of using cumulative permissions? The only thing I can think of at the moment is for ...

39. Problem with hierarchical permissions    forum.springsource.org

Problem with hierarchical permissions I am working through integrating spring security with an existing web application. I've managed to implement a custom UserDetailsService object that communicates with my existing database structure. ...

40. Web-based interface for users/authorities/permissions management    forum.springsource.org

Web-based interface for users/authorities/permissions management Hi, our project extensively uses Spring Security for authentication/authorization purposes. However, we are missing a simple user interface for CRUD management operations on users, authorities, and ...

41. ACL permission mask ignored?    forum.springsource.org

The documentation mentions a permission mask in the ACL for each entry (read, write, create, detele ...). But obviously this bit mask is not evaluated in the AclImpl class (see below). ...

42. Access Denied Permission with TilesConfigurer    forum.springsource.org

Nov 18th, 2008, 12:23 PM #1 sangupta View Profile View Forum Posts Private Message Junior Member Join Date Nov 2008 Posts 19 Access Denied Permission with TilesConfigurer Hi, I am using ...

43. One method, two required permissions    forum.springsource.org

Hi, Suppose I would like to filter the results of some method using more than one permission. For example, I have the method getAllUsers() that is used by the application both ...

44. Dumb ACL Permission Object Questions    forum.springsource.org

Dumb ACL Permission Object Questions I want to set someone's permissions to READ and WRITE. That person may or may not have permissions already set. I want those previous permissions cleared ...

45. Permission -> Role -> Group    forum.springsource.org

Permission -> Role -> Group Hi, We are currently designing new security standards and would like to use Spring Security. From our understanding Spring security is based on the concept of ...

46. Roles & permission- Spring Security    forum.springsource.org

Roles & permission- Spring Security Hi, I am new to spring security and i am developing an application using acegi security. Authentication is working fine. i am facing an issue in ...

47. Should AclImpl allow duplicate permissions?    forum.springsource.org

Should AclImpl allow duplicate permissions? Hi All, Im struggeling with permissions here. I have the following code (from denksoft) which allows me to add permissions to secured objects. public void addPermission(Entity

48. Modifying ACL permissions programmatically    forum.springsource.org

Sep 2nd, 2009, 07:46 AM #2 mrpack View Profile View Forum Posts Private Message Junior Member Join Date Mar 2009 Posts 28 I had a similar problem and tried going down ...

49. ACL: How to configure Permission Evaluator    forum.springsource.org

ACL: How to configure Permission Evaluator Hi all, I do not know how to configure the permission evaluator. Currently I do not get access to my objects. Looking into the logs, ...

51. Limit of 32 permissions for ACL system    forum.springsource.org

Why was the ACL system of Spring Security limited to 32 (bits) of permissions/actions? The first few are pre-defined and the assumption is that the remainder are free to use for ...

52. INSERT permission denied on BATCH_JOB_SEQ    forum.springsource.org

I have been unable to use the Spring Batch Framework because my company does not allow any direct SQL calls, period - no exceptions. All data access must be thru Stored ...

53. Admin Role == Always gets permission?    forum.springsource.org

I am trying to configure an Admin role(ROLE_ADMIN) that always gets permission do everything. There does not seem to be a way to do that without completely creating my own accessDecisionManager. ...

54. Install STS-2.3.2 permission denied on ubuntu linux    forum.springsource.org

Install STS-2.3.2 permission denied on ubuntu linux I downloaded springsource-tool-suite-2.3.2.RELEASE-e3.5.2-linux-gtk.tar.gz, and extracted to a directory. Code: /var/workspaces In this directory are three subdirectories Code: roo-1.0.2.RELEASE sts-2.3.2.RELEASE tc-server-6.0.20.C I navigate to the ...

55. Access denied even though Role has the required permission    forum.springsource.org

Access denied even though Role has the required permission Hello, First of all thank you for all those lines of code that you share as open source.. I just wish you ...

56. Groups and permissions    forum.springsource.org

Groups and permissions Hello, I have hard time to figure out how to implement groups and permissions.. What I need - Users belongs to groups - like, admin, moderators, or simply ...

57. ACL - listing objects with permission    forum.springsource.org

I was wondering the same thing, but end up with the conclusion that you have to wire the security into your business logic and filter the list by tuning your query, ...

58. Check permission on methods    forum.springsource.org

Check permission on methods Hi I need to know if a user has permissions to see a button created in an action. Having checking the access to one url (action), now ...

59. permissions/groups    forum.springsource.org

permissions/groups This question seems to have been asked many times over the years, but i have never found any satisfying answer. Is there out-of-the-box support for the general concept of Permissions/Roles/Groups? ...

60. Define own permission in ACL    forum.springsource.org

[INFO] Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 28): Field or property 'accept' cannot be found on object of type 'org.springframework.security.access.expression.method.MethodSecurityExpressionRoot'

61. User Permissions Across Various Classes (best practices)    forum.springsource.org

User Permissions Across Various Classes (best practices) Here's my current situation. I have several "service" classes which contains my business logic layer between controllers/servlets and the data access layer. I strive ...