I need to design a user role management module for online examine tool application, There are several users in the system (Admin, Moderator, Contributor, Examiner). These users have different privileges for the system.
I need to use the Spring framework and spring security for the user access system. How do I use the spring security for this module. Can anyone direct me to a good tutorial and your ideas allways welcome.
Based on your description, I think that you might be looking at a custom implementation of UserDetailsService.
It's worth checking out Stephan Gerth's ZK sample project, that integrates Spring, Hibernate, customized Spring security, ZK Ajax, etc. Here you have the announcement post, that has links to source and documentation. I suggest reading the chapter 13.2. Spring-Security (and related), that should help you navigate the source code.
Try this one Spring Authorization and Authentication.A very simple tutorial for beginners.
Related
I have been working on an infrastructure project that has a myriad of pages that used in numerous flow based scenarios. I eager to use a standard framework for facilitating this flows. I have a glance on spring web flow and I realize it is difficult to deal with all of the XML stuff like flow files. Could you please tell me is there an annotation base version instead of these XML files? Or Is there any other frameworks that use annotation based approach for this purpose. Moreover, I saw Seam framework, but like Spring Web Flow it has an XML based feature. Additionally, I read some articles about Netui Page Flows. Even though it has annotation based flows, as you know it is a very old framework and discontinued now.
I use this links:
spring web flow support in intellij idea 12
Spring Web Flow Ref Book
spring web flow
As I need this xml based file for create a web flow for my JSP pages into my enterprise application, after month looking for best solutions and frameworks, finally I find Spring Statemachine for my porpuse. I put that here for someone in future that looks for object-oreinted state machine that can be used in her/his page flow.
Thank you Spring :)
I was wondering if anybody could explain(or point me to proper documentation) and Spring Security in Hybris. I have used Spring Security before in Java based applications and I have always enjoyed the flexibility of custom groups with specific functions. I was unable to find any documentation on how to do that in Hybris. Ideally, I would be able to add security to CMS site without creating a separate storefront. How does Hybris allow to extend Spring Security? Thanks!
Generally, there is spring security config at this location. **web/webroot/WEB-INF/config/spring-security-config.xml . Here you can play with the configuration. wiki page
Hybris supports different user groups and rules about them, which can be seen here .
It really depends on your goal but some things can be done with Hybris restrictions engine.
It is always recommended create your own extension (extending the default one) and not using the platform extension, if i understood your idea correctly. There you can find the spring-security-config and modify it.
When I worked with grails I faced a plugin https://grails.org/plugin/spring-security-ui which allowed to CRUD Users and Roles with corresponding UI so one didn't need to write code for CRUD/filter Users and Roles. Now I work with Spring Boot and writing web-application and looking for something similar (to https://grails.org/plugin/spring-security-ui) some dependency plugin etc which would introduce similar functionality. Is there someting similar for Spring Boot or I need to write the functionality from the scratch?
Thanks, cheers
I think Spring Vaadin should manage with that.
Imagine a website permissions similar to Reddit. A specific user-account has access to "SUPER-MOD" for "/r/subreddit-A" and "MOD" on "/r/Subreddit-B" and finally "BANNED" on "/r/Subreddit-C"
The way our spring security config is currently setup is we have the concept(s) of SUPER-MOD, MOD, USER, etc... but not SUPER-MOD(domain-A).
Clearly, writing my own code for this is not rocket science, but I was wondering if there was a common or standard interface for these types of permissions.
P.S. We're using Spring MVC / Tomcat. Articles & tutorials welcome.
The way that I have usually dealt with roles is typically using the Expression-Based Access Control with Spring. Since you seem to have most of the roles and permissions defined it should be a piece of cake getting them out of the security context.
Just make sure you have <global-method-security pre-post-annotations="enabled"/> because lack of that will obviously make the annotations useless.
Anyway hope that helps.
I'm working on a implementation of a webapp in Java, where there will be limitations on some roles shall only be able to read data and some to update. All roles shall not have access to all pages.
I've looked at Apache Shiro together with JSP/Javascrip/CSS.
Are there any other alternatives for this?
Or is this the best choice?
//Henrik
Consider Spring Security, formerly known as Acegi.
http://projects.spring.io/spring-security/
Seems it's a bit more mainstream:
http://www.indeed.com/jobtrends?q=Apache++Shiro%2C+Spring+Security&l=