Is it possible to load intercept url from database. #32
Comments
|
Sorry, but I don't understand what you actually try to achieve. Which intercept url are you talking about? Can you elaborate a bit further? |
|
Thanks for your early reply. And sorry for my late reply. In context.xml we put access url like I want to save those access url in DB and want to load those url from DB. Fro those try to use these http://docs.spring.io/spring-security/site/faq/faq.html#faq-dynamic-url-metadata I think it is possible. Thanks for your help |
|
Hi, from the Spring Docs "The first thing you should ask yourself is if you really need to do this. If an application requires securing, then it also requires that the security be tested thoroughly based on a defined policy." However, if you require it, the easiest way is to probably not secure by url pattern at all and do the checking within the resource methods itsself. You have access to the security context and to the database and can throw exceptions if the user does not have sufficient rights. The more complex way would be to rework the AccessDecisionManager i guess. |
|
Hi, I understand your opinion. If I create a custom class that implements FilterInvocationSecurityMetadataSource, OptionsFromDataBaseFilterInvocationSecurityMetadataSource. Then I implement these methods: like this - http://docs.spring.io/spring-security/site/faq/faq.html#faq-dynamic-url-metadata Then what changes I have to made in context.xml. Thanks a lot for you help. |
I want to create dynamic role. For that need to save intercept url "<security:intercept-url method="GET" pattern="/rest/news/**" access="hasRole('USER')" />" in MySql DB then load it for DB.
Is it possible ?
Thanks for your help once again.
The text was updated successfully, but these errors were encountered: