tag:blogger.com,1999:blog-8795604888160975763.post9050914799910749577..comments2023-09-25T12:19:02.322+02:00Comments on Solid Craft: Spring Security by example: securing methodsjnbhttp://www.blogger.com/profile/11945481488520599011noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-8795604888160975763.post-39506345192748623272012-10-15T10:56:08.746+02:002012-10-15T10:56:08.746+02:00Nice Tutorial!
We can Refer also below
http://ww...Nice Tutorial!<br /><br />We can Refer also below<br /><br />http://www.hardik4u.com/2012/10/spring-security-p1.htmlhardiktechoworldhttps://www.blogger.com/profile/12503756543599620974noreply@blogger.comtag:blogger.com,1999:blog-8795604888160975763.post-46310763137473901272012-06-27T10:09:07.960+02:002012-06-27T10:09:07.960+02:00Hi, can I have multiple permission providers? One ...Hi, can I have multiple permission providers? One each for each modules? This is because the business logic implemented is different and complex. Is it possible to configure multiple permission providers in security config file? <br /><br />Thanks/Joecamelhttps://www.blogger.com/profile/01092310757251962598noreply@blogger.comtag:blogger.com,1999:blog-8795604888160975763.post-81067475137109028912012-04-20T16:08:27.129+02:002012-04-20T16:08:27.129+02:00and if you want to use this without the debug comp...and if you want to use this without the debug compile information available<br /><br />http://lifewithcode.blogspot.co.uk/2012/04/spring-security-preauthorizehaspermissi.htmlstevegalhttps://www.blogger.com/profile/05890360931221883730noreply@blogger.comtag:blogger.com,1999:blog-8795604888160975763.post-33914592321827641122011-05-17T00:55:34.857+02:002011-05-17T00:55:34.857+02:00Jakub, this tutorial is great, simple, and easy to...Jakub, this tutorial is great, simple, and easy to read but it would even more helpful if you include your configuration in the matter of "load/compile time weaving" on your method security section. I really think so.Christianhttps://www.blogger.com/profile/01009522813126720418noreply@blogger.comtag:blogger.com,1999:blog-8795604888160975763.post-61083574836497055952011-05-04T09:18:57.888+02:002011-05-04T09:18:57.888+02:00@thundersaint: yeah, there is no magic in here.
...@thundersaint: yeah, there is no magic in here. <br /><br />Securing methods works by adding aspect to your code, which means: some other code will be called before/after/instead of your method, and AFAIK there are only three options to do that:<br /><br />"Weaving: [..] can be done at compile time (using the AspectJ compiler, for example), load time, or at runtime."<br />(http://static.springsource.org/spring/docs/3.0.x/reference/aop.html)<br /><br />"At runtime" means that your classes have to be defined as beans and injected by DI (IoC) container (Spring core), because Spring AOP will give you proxies with security checks instead of your *real* classes (proxies will be either Spring implementation of your public interfaces, or Spring classes inheriting from yours). <br /><br />When you want to call "new", something has to change your bytecode to check the security before every method call. With compile time weaving, security checks are "inserted into the compiled bytecode", while with load time weaving, there is a java agent that "takes over" loading the class, and gives you a modified version instead.<br /><br />Btw. Sorry for not being precise/correct, but AOP nomenclature is a bit wicked and I'd rather have a helpful and understandable answer than a correct one.jnbhttps://www.blogger.com/profile/11945481488520599011noreply@blogger.comtag:blogger.com,1999:blog-8795604888160975763.post-40191669085713655332011-05-04T00:31:12.574+02:002011-05-04T00:31:12.574+02:00I red your response again that i missed the part a...I red your response again that i missed the part about "load/compile time weaving". I used Java configuration which therefore my beans are loaded with new keyword. I assume then that method level security will not work if that is not done?Christianhttps://www.blogger.com/profile/01009522813126720418noreply@blogger.comtag:blogger.com,1999:blog-8795604888160975763.post-60799981029956875982011-04-22T11:07:58.692+02:002011-04-22T11:07:58.692+02:00It should not.
Can you put your sources somewhere...It should not. <br />Can you put your sources somewhere like in github for me to see?jnbhttps://www.blogger.com/profile/11945481488520599011noreply@blogger.comtag:blogger.com,1999:blog-8795604888160975763.post-13831118547467286032011-04-22T02:37:06.652+02:002011-04-22T02:37:06.652+02:00I am not using Maven actually. I just use Ant Scr...I am not using Maven actually. I just use Ant Script to deploy my app to Tomcat. It should not matter, right?Christianhttps://www.blogger.com/profile/01009522813126720418noreply@blogger.comtag:blogger.com,1999:blog-8795604888160975763.post-13061263175060036082011-04-20T11:23:39.963+02:002011-04-20T11:23:39.963+02:00@Christian: Not sure what you mean by "ACL Mo...@Christian: Not sure what you mean by "ACL Module".<br /><br />I've just checked on a new project. On a class defined in spring IoC I have a method:<br /><br />@PreAuthorize("isAuthenticated()")<br />public boolean securedMethod() {<br /> return true;<br />}<br /><br />Assuming you have dependecies in your pom (described here: http://blog.solidcraft.eu/2011/03/spring-security-by-example-set-up-and.html) the only thing I needed to add, to make this method protected (throwing AccessDeniedException for not logged in user) was to add this to spring configuration:<br /><br /><global-method-security pre-post-annotations="enabled"/><br /><br />Nothing more.<br /><br />Maybe your @PreAuthorize annotation is on a class, which is not defined in IoC (or created by "new" without load/compile time weaving)?jnbhttps://www.blogger.com/profile/11945481488520599011noreply@blogger.comtag:blogger.com,1999:blog-8795604888160975763.post-8964597027993225552011-04-20T02:21:22.366+02:002011-04-20T02:21:22.366+02:00Do you need the ACL Module to make this work? My m...Do you need the ACL Module to make this work? My method security is not working... Any of my method with @PreAuthorize annotation is not evaluated at all. Is there anything that I should do as a pre-condition to doing your example?Christianhttps://www.blogger.com/profile/01009522813126720418noreply@blogger.comtag:blogger.com,1999:blog-8795604888160975763.post-82924719085973072542011-04-20T02:19:19.525+02:002011-04-20T02:19:19.525+02:00This comment has been removed by the author.Christianhttps://www.blogger.com/profile/01009522813126720418noreply@blogger.com