
Customized Spring Security without Spring MVC

<ol> <li>

I am using my own MVC implementation and I am not sure whether Spring Security isn't designed specifically for the Spring MVC implementation. Is it still okay to use it?

</li> <li>

It is not clear to me which parts of Spring Security I should use and which I don't need. I suppose I don't need the URL filters, as I need to validate access specifically on the URL parameters in my controllers (for instance, to check whether the User is the owner of the Article). Something like:

if (request.getUser().isAllowedTo("EditArticle", 27)) {...}
if (request.getUser().isAllowedTo("CategoryManager", 123)) {...}
if (request.getUser().isInRole("Admin")) {...}

</li> <li>

I could not find a clear way of logging users in and out programmatically. I've implemented my UserDetails and UserDetailsService classes to handle the users with JPA, but I don't see how I can proceed with login and logout in my controllers.

</li> </ol>

EDIT:

I don't see how to put the <form> in my Freemarker templates. The only way of creating the form I found is with:

<http pattern="/login.htm*" security="none"/>
<http>
    <form-login login-page="/login.htm" default-target-url="/home.htm"/>
</http>

How can I configure the structure of the login form? Can I create it by myself?

What I would like the most is to be able to handle the login by myself (for example with DWR) and not to use the magic j_security_checks...

It would be great if I could handle the login request by myself and ask the auth service to log in the user by myself (so I could easily use Direct Web Remoting (DWR)):

if (user.username.ok() && user.password.ok()) {
    authService.setUser(user);
    authService.setLoggedIn(true);
}

Answer1:

<ol> <li>

Spring Security is not limited to Spring MVC and can be used with your own framework implementation. It provides handy services for authentication and session management.

</li> <li>

Spring is very convenient to use to leverage access by certain URLs, but it is not limited to that. You will be able to get which roles the current user has at the moment from the Spring context, and all the custom info you would include in your UserDetails object. There are a number of ways to restrict access to certain actions by certain roles. However, for code like if (request.getUser().isAllowedTo("EditArticle", 27)) {...}, I think it will be simpler to check by yourself.

</li> <li>

Login and logout are done by calling specific URLs. For login: /j_spring_security_check. For logout: /j_spring_security_logout.

</li> </ol>
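For the programmatic login and logout the question asks about, the following is an added example, not code from the question or the answer. It assumes an AuthenticationManager bean is injected, that the calling request passes through the Spring Security filter chain (so the security context is stored in the session at the end of the request, as in the versions that use /j_spring_security_check), and the javax.servlet API; the class name ProgrammaticAuthService and its method names are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

// Hypothetical helper: callable from any controller or a DWR-exposed bean.
public class ProgrammaticAuthService {

    private final AuthenticationManager authenticationManager;

    public ProgrammaticAuthService(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Returns true on success; on failure the caller stays anonymous. */
    public boolean login(HttpServletRequest request, String username, String password) {
        try {
            // Delegates to the configured providers (for example a DAO provider
            // backed by the custom UserDetailsService); password checks run here.
            Authentication result = authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(username, password));
            // Drop the pre-login session so its id cannot be reused after
            // login (session fixation), then start a fresh one.
            HttpSession old = request.getSession(false);
            if (old != null) {
                old.invalidate();
            }
            request.getSession(true);
            SecurityContext context = SecurityContextHolder.createEmptyContext();
            context.setAuthentication(result);
            SecurityContextHolder.setContext(context);
            return true;
        } catch (AuthenticationException e) {
            // Bad credentials, locked or disabled account: one answer for all.
            SecurityContextHolder.clearContext();
            return false;
        }
    }

    public void logout(HttpServletRequest request, HttpServletResponse response) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        // Invalidates the HTTP session and clears the security context.
        new SecurityContextLogoutHandler().logout(request, response, current);
    }
}
```

Once login() has returned true, role checks such as isInRole("Admin") can read the granted authorities from SecurityContextHolder.getContext().getAuthentication(), while per-object checks such as article ownership remain application code.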
