  Spring Security -- Configuration
 
Subject: Spring Security -- Configuration
Author: WebSpider
In response to: Spring Security
Posted on: 11/23/2017 02:48:14 AM

/WEB-INF/spring/spring-security.xml

Example #1: Role based + In-Memory authentication

	<!-- AUTHORIZATION -->
	<http pattern="/img/**" security="none" />

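	<!-- Spring Security 4.x defaults use-expressions to "true"; plain role names
	     such as ROLE_ADMIN in "access" require use-expressions="false" -->
	<http auto-config="true" use-expressions="false">
		<intercept-url pattern="/admin/*" access="ROLE_ADMIN" />
		<intercept-url pattern="/app/**/*" access="ROLE_USER" />
	</http>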

	<!-- AUTHENTICATION (in memory) -->
	<authentication-manager>
	  <authentication-provider>
	    <user-service>
		<user name="john" password="john_pass" authorities="ROLE_USER" />
		<user name="lisa" password="lisa_pass" authorities="ROLE_USER, ROLE_ADMIN" />
	    </user-service>
	  </authentication-provider>
	</authentication-manager>


Example #2: Expression-Based Access Control + LDAP authentication
	<!-- AUTHORIZATION -->
	<http pattern="/img/*" security="none" />

	<http auto-config="true" use-expressions="true">
		<intercept-url pattern="/img/*" access="permitAll" />
		<intercept-url pattern="/app/**/*" access="isAuthenticated()" />
		<intercept-url pattern="/**/*" access="permitAll" />
	</http>

	<!-- AUTHENTICATION (LDAP) -->
	<authentication-manager>
	    <authentication-provider ref="ldapActiveDirectoryAuthProvider"></authentication-provider>
	</authentication-manager>

	<beans:bean id="ldapActiveDirectoryAuthProvider"
	    class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
	    <beans:constructor-arg value="abc.xyz.com"></beans:constructor-arg>
	    <beans:constructor-arg value="ldaps://ad.abc.xyz.com:636"></beans:constructor-arg>
	</beans:bean>


The most common built-in expressions:
  • hasRole([role])
  • hasAnyRole([role1,role2])
  • hasAuthority([authority])
  • hasAnyAuthority([authority1,authority2])
  • principal -- allows direct access to the Principal object
  • authentication -- allows direct access to the Authentication object
  • permitAll
  • denyAll
  • isAnonymous()
  • isRememberMe() -- returns true if the current principal is a remember-me user
  • isAuthenticated() -- !isAnonymous()
  • isFullyAuthenticated() -- !(isAnonymous()||isRememberMe())
  • hasPermission(Object target, Object permission) -- hasPermission(domainObject, 'read')
  • hasPermission(Object targetId, String targetType, Object permission) -- hasPermission(1, 'com.example.Message', 'read')
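
A coverage check for the two rule sets above, as an added example that is not part of the original post: it feeds the intercept-url patterns from Example #1 and Example #2 to Spring's AntPathMatcher in declaration order, since the first matching rule decides. The class name, the helper and the sample request paths are constructed for illustration, and plain AntPathMatcher is assumed to approximate the matcher Spring Security applies to intercept-url patterns.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.util.AntPathMatcher;

// Hypothetical helper class (not from the post): lists which intercept-url rule,
// if any, applies to a request path under each example configuration.
public class InterceptUrlCoverage {

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    /** Returns the access attribute of the first matching rule, or null when no rule matches. */
    static String firstMatch(Map<String, String> rules, String path) {
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            if (MATCHER.match(rule.getKey(), path)) {
                return rule.getValue();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Rules copied from Example #1, kept in declaration order
        Map<String, String> example1 = new LinkedHashMap<>();
        example1.put("/admin/*", "ROLE_ADMIN");
        example1.put("/app/**/*", "ROLE_USER");

        // Rules copied from Example #2, kept in declaration order
        Map<String, String> example2 = new LinkedHashMap<>();
        example2.put("/img/*", "permitAll");
        example2.put("/app/**/*", "isAuthenticated()");
        example2.put("/**/*", "permitAll");

        // Constructed sample request paths (assumptions, not from the post)
        String[] paths = { "/admin/users", "/admin/users/1", "/app/orders/7",
                           "/img/logo.png", "/login" };

        for (String path : paths) {
            String a1 = firstMatch(example1, path);
            String a2 = firstMatch(example2, path);
            System.out.printf("%-16s example1=%-12s example2=%s%n", path,
                    a1 == null ? "(no rule)" : a1,
                    a2 == null ? "(no rule)" : a2);
        }
    }
}
```

A path reported as (no rule) gets no access constraint from that configuration, which is how a single-level pattern such as /admin/* can leave deeper paths uncovered.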


     

    > On 11/23/2017 02:42:43 AM WebSpider wrote:

    Introduction

    Spring Security provides security services for J2EE-based enterprise software applications.


    Prerequisites

  • Eclipse with Spring Tools Suite (STS) -- link
  • Dependencies (pom.xml):
    	<dependencies>
    		<!-- Spring -->
    		<!-- ... other dependency elements ... -->
    		<dependency>
    		    <groupId>org.springframework.security</groupId>
    		    <artifactId>spring-security-web</artifactId>
    		    <version>4.2.3.RELEASE</version>
    		</dependency>
    		<dependency>
    		    <groupId>org.springframework.security</groupId>
    		    <artifactId>spring-security-config</artifactId>
    		    <version>4.2.3.RELEASE</version>
    		</dependency>
    		<dependency> <!-- optional,  LDAP related -->
    		    <groupId>org.springframework.security</groupId>
    		    <artifactId>spring-security-ldap</artifactId>
    		    <version>4.2.3.RELEASE</version>
    		</dependency>				
    	</dependencies>
    





