I was wondering if anybody could explain(or point me to proper documentation) and Spring Security in Hybris. I have used Spring Security before in Java based applications and I have always enjoyed the flexibility of custom groups with specific functions. I was unable to find any documentation on how to do that in Hybris. Ideally, I would be able to add security to CMS site without creating a separate storefront. How does Hybris allow to extend Spring Security? Thanks!
Generally, there is spring security config at this location. **web/webroot/WEB-INF/config/spring-security-config.xml . Here you can play with the configuration. wiki page
Hybris supports different user groups and rules about them, which can be seen here .
It really depends on your goal but some things can be done with Hybris restrictions engine.
It is always recommended create your own extension (extending the default one) and not using the platform extension, if i understood your idea correctly. There you can find the spring-security-config and modify it.
Related
I have been working on an infrastructure project that has a myriad of pages that used in numerous flow based scenarios. I eager to use a standard framework for facilitating this flows. I have a glance on spring web flow and I realize it is difficult to deal with all of the XML stuff like flow files. Could you please tell me is there an annotation base version instead of these XML files? Or Is there any other frameworks that use annotation based approach for this purpose. Moreover, I saw Seam framework, but like Spring Web Flow it has an XML based feature. Additionally, I read some articles about Netui Page Flows. Even though it has annotation based flows, as you know it is a very old framework and discontinued now.
I use this links:
spring web flow support in intellij idea 12
Spring Web Flow Ref Book
spring web flow
As I need this xml based file for create a web flow for my JSP pages into my enterprise application, after month looking for best solutions and frameworks, finally I find Spring Statemachine for my porpuse. I put that here for someone in future that looks for object-oreinted state machine that can be used in her/his page flow.
Thank you Spring :)
I'm looking for a way to create a free version and a paid version of an application. I was wondering if spring has the functionality to group/tag services so I can switch between services i.e. services which don't do much for a free user and the actual service for the paid user.
Is this the right approach? or is there another framework which lets me do this and works well with spring?
Is there a way I can do the same in the front end i.e. show or hide features/icons based on the type of user?
-- Edited --
The project is a multi module maven project with a war module and 3 jars which uses Spring framework with spring security (nothing fancy) and angularjs.
The requirement is that I should be able to build the war file based on different configuration. For example, lets say a client doesn't want a particular feature, I should be able to turn it off by just changing some configuration. So the user will not see that particular feature anymore.
Can it be done?
My advice is to do the licensing in your code. Its much
more flexible, and its not difficult to implement! and easier to maintain....
You can use bean definition profiles to use different bean implementations depending on startup parameters, but that would require that you are in charge of the startup parameters used for launching the application (i.e. this would not be a suitable solution for an application that is downloaded and run by the customer on his own machine; then the startup profile settings could be hacked).
More information on the intended application architecture is probably needed to give good advice here.
I'm working on a implementation of a webapp in Java, where there will be limitations on some roles shall only be able to read data and some to update. All roles shall not have access to all pages.
I've looked at Apache Shiro together with JSP/Javascrip/CSS.
Are there any other alternatives for this?
Or is this the best choice?
//Henrik
Consider Spring Security, formerly known as Acegi.
http://projects.spring.io/spring-security/
Seems it's a bit more mainstream:
http://www.indeed.com/jobtrends?q=Apache++Shiro%2C+Spring+Security&l=
I have a web app running with Grails looking after the view and controller and calling into a spring-mvc backend via the service layer (Grails app using services from spring-mvc backend). Now I need to implement Spring Security (SS) for the app.
Its at this point I'm not sure how to marry both. The backend already has a fully functioning spring security implementation but to get the Grails app to work I needed to exclude all transient spring security dependencies coming from the spring-mvc app and go with a purely Grails solution (maybe this was the wrong decision?). The backend already has User and Role objects complete with a user_roles table modelled via a joinTable annotation in the User domain.
Questions:
Am I on the right track? Ignore everything from java backend in terms of SS bar using its data objects and go with Grails impl with SS plugin? I've seen posts saying I don't even need to use the Grails plugin but they're quite old now and I'm not sure how I'd annotate my controllers and services.
If Grails is the way, I'm not sure what I need from by backend and what I need to reimplement/extend in Grails.
I have an SS extended User and UserDetailsService in the backend app but cannot use them as I've completely excluded all the SS jars that they depend on so I presume I have to roll my own?
So I implement a UserDetails object, a custom UserDetailsService (should this implement the GrailsUserService?) and expose the latter as a bean and everything should work? Wishful thinking maybe.
Any guidance, even at a high level would be much appreciated as I'm struggling to determine my approach at this point, never mind implementation.
I have managed to implement what I need to get this working. I have gone with the purely Grails approach and so have my own implementation of userDetails, an instance of which is returned by my custom userDetailsService.
One thing to look out for, if getting a proof of concept working, is to make sure that you are reading back your password in the format you are storing it in. Spring Sec will hash your password to compare against what is in your database and so you will not successfully load a user if your storing your password as plain text. One way around this is to use the following config in resources.groovy.
passwordEncoder(PlaintextPasswordEncoder)
But of course I would not advocate this as being the long term solution from a security point of view.
I need to design a user role management module for online examine tool application, There are several users in the system (Admin, Moderator, Contributor, Examiner). These users have different privileges for the system.
I need to use the Spring framework and spring security for the user access system. How do I use the spring security for this module. Can anyone direct me to a good tutorial and your ideas allways welcome.
Based on your description, I think that you might be looking at a custom implementation of UserDetailsService.
It's worth checking out Stephan Gerth's ZK sample project, that integrates Spring, Hibernate, customized Spring security, ZK Ajax, etc. Here you have the announcement post, that has links to source and documentation. I suggest reading the chapter 13.2. Spring-Security (and related), that should help you navigate the source code.
Try this one Spring Authorization and Authentication.A very simple tutorial for beginners.