Customizing voters:
public class MyRightVoter extends RoleVoter implements AccessDecisionVoter
{
public int vote( Authentication authentication, Object object,
Collection attributes )
{}
}
Defining proper access decision manager and adding customized voter to it:
* To override http decision manager beans must be added to applicationContext-security.xml and for method based in controller must be added in webmvc-config.xml and add to it.
public class MyRightVoter extends RoleVoter implements AccessDecisionVoter
{
public int vote( Authentication authentication, Object object,
Collection attributes )
{}
}
Defining proper access decision manager and adding customized voter to it:
* To override http decision manager beans must be added to applicationContext-security.xml and for method based in controller must be added in webmvc-config.xml and add
Adding new decision manager for method and http handling:
* aspectj mode is used when want to add security to our aspects like roo generated aspect (new aspect should be defined to annotate security to methods), this mode should be defined in applicationContext-security.xml, this global definition doesn't require to reference acess-decision-manage, as the main one that is in use, defined in webmvc-config.xml
* It is possible to customize authentication to return customized authority of users by implementing getAuthorities() method.
* Don't forget to add the following item to spring/webmvc-config.xml to use annotation in spring controllers
No comments:
Post a Comment