Reputation: 371
how can I manage spring security url pattern in java class instead of xml config
I'm beginner in spring security and I have a problem with that((I used spring security 3.1)). I have a project and I have to read all spring security url pattern from Db instead of springSecurity application context.
how can I do it? my point is how can I manage access to special url in my java classes instead of use below config in springSecurity application context.
<intercept-url pattern="/customer/showAll" access="hasAnyRole('OPERATOR,ADMIN')"/>
thank you
Upvotes: 2
Views: 2119
Answers (1)
Reputation: 7817
You can provide your own implementation of FilterInvocationSecurityMetadataSource. In the Collection getAttributes(Object object) method you can load your patterns and access parameters from DB (see default implementation). Each pattern must be converted into RequestMatcher object. An access attribute value must be converted into a collection of ConfigAttribute objects. As an input object you will have incoming request. You must populate requestMap from DB. See here how configure Spring Security to use your own FilterInvocationSecurityMetadataSource implementation instead of default ExpressionBasedFilterInvocationSecurityMetadataSource.
Upvotes: 3
Related Questions
- How to disable spring security for particular url
- How to apply Spring Security AntMatchers pattern only to url with pathVariable
- How to remove a url pattern from spring security authentication?
- URL Pattern with Spring MVC and Spring Security
- Spring security custom login url
- How to put a URL with a regular expression in Spring Java based configuration
- Spring Security Url Pattern is not working
- How to ignore Spring Security config for every thing except a pattern
- How to secure URLs using Spring security?
- Modify spring security intercept URL dynamically