Comments on: Spring Security customization (Part 1 – Customizing UserDetails or extending GrantedAuthority)

By: Venu

Venu — Tue, 09 Mar 2010 07:56:41 +0000

Can any one explain about "SwitchUser feature of Spring Security" in Spring3.0.x ?
Can you suggest me any online tutorials about "SwitchUser feature of Spring Security" in Spring3.0.x ?

Thanks In Advance

Thanks && Regards
Venu.K

By: Customizing SpringSecurity to protect each button of a page using Grails Acegi plugin « Felipe Cypriano

Wed, 14 Oct 2009 22:37:04 +0000

[...] The solution is fully based on SpringSecurity capabilities and should work on every project that uses it independent of plugins or frameworks that I use. Since spring security plugin does the hard work for us, we just need to create two more classes besides acegi's default user and role and extends UserDetailsService interface. This is based on zk_sample project and is a database implementation of this article by Oleg Zhurakousky. [...]

By: Felix

Felix — Wed, 16 Sep 2009 09:31:24 +0000

i hope you can help me with my problem or point me to where i can. im new to implementing spring and spring security

our security requirement goes like this. once a user logs into the application we will do a check to see if he has more than 1 role. if the user has more than 1 role we will show a page of the roles that the user has and ask the user to select the role that he wanted for that session.

i already created a subclass of the userdetails object and when the user selected the role i will modify the user object setAuthorities.

when doing this:
User user = (User) authentication.getPrincipal();
GrantedAuthority[] grarray=user.getAuthorities();

it is returning the updated Authorities but when doing this on the JSP page:

the "remove role" role not selected is still being seen which im expecthing should not since it is not in the userdetails anymore…

i hope you could help me. thanks a lot in advance.

By: gio2375

gio2375 — Fri, 17 Jul 2009 15:16:47 +0000

Great article Thanks very much. You saved me a lot of time. I've to do a little modify to make it working... Spring in security tags take account of only strings that start with "ROLE" and then our Businness functions that starts with "BF" are ignored. To avoid this I've set rolePrefix to "". That's the code: Giovanni

By: Vishal

Vishal — Tue, 14 Jul 2009 13:53:35 +0000

I have little different scenario.
– In my the case password stored in DB is in encrypted form.
– I have implemented 'UserDetailsService' so I need to give the implementation of loadUserByUsername(String username) method. But in this method, we get only the username that user has entered on login page. How can I get the password?

If somehow I get the password then I will encrypt the password and pass it to User (org.springframework.security.userdetails.User) Object.

By: Anand

Anand — Thu, 04 Jun 2009 14:30:31 +0000

intercept-url pattern="/index.htm*" access="ROLE_ADMIN" /

By: Anand

Anand — Thu, 04 Jun 2009 14:29:15 +0000

Why I'm not able to do following

By: john

john — Mon, 04 May 2009 23:44:35 +0000

Could you please help me with with configuring my IDE so that I can use 2.5 MVC framework and Security. I'm using NetBnz 6.5. I have the 2.5 framework, but it doesn't have the security .jars included. I downloaded the security .zip file, but I don't know what to do with it. Can I even use NetBnz to implement my apps? I would really appreciate it if you could help me out. Maybe I need to use a different IDE? Thank you very much.

By: Bousselham Salmi

Bousselham Salmi — Thu, 16 Apr 2009 13:38:35 +0000

Hi,

Thanks for both articles. Would appreciate if you provide an example using database tables instead properties files.

Thanks!

By: PR

PR — Thu, 05 Feb 2009 16:02:19 +0000

Hello,

Thanks for the article. Would appreciate if you could provide an example with LDAP. We are in the process of implementing a solution for our application.

Thanks