Comments on: Spring Security customization (Part 1 – Customizing UserDetails or extending GrantedAuthority)

By: Thiago

Thiago — Wed, 15 Sep 2010 18:21:01 +0000

I am trying to make it work here with custom roles that dont contaim the prefix "ROLE_". All my roles in the database are ADMIN, MANAGER, SUPERVISOR, USER AND SUPPORT.

When I change the following line

by this one

(USER is the low level role that must be in the authority list to get into the application)

i am getting this error:

java.lang.IllegalArgumentException: Unsupported configuration attributes: [USER]

I have changed the prefix in the roleVoter as follow

Does anyone have any idea what could be wrong?
Thanks

By: Thiago

Thiago — Wed, 15 Sep 2010 18:13:14 +0000

Hello blog author,

Would you create a post explaining how to use the switch user functionality of spring security? This feature is very good when dealing with user impersonation, but there is a lack of documentation and tutorial on this subject.

Thanks
T

By: Mukhi

Mukhi — Wed, 16 Jun 2010 15:28:11 +0000

You are coming up with nice articles that have solutions for real time issues. I have an issue in my application.
I have to pass an external parameter that gets appended to the url http://localhost:8080/account/edit?param=value.

when I enter this url and hit the go button, it is redirected to /login, since there is no user logged in to be redirected to edit account page. In /login page i want to check whether the param is set or not. But i am not getting the parameter what i have set in the URL. Can you please help me how can i solve this problem?

By: Dinesh

Dinesh — Thu, 20 May 2010 15:00:46 +0000

"I've to do a little modify to make it working… Spring in security tags take account of only strings that start with "ROLE" and then our Businness functions that starts with "BF" are ignored."

– Its good to create a BusinessFunctionRoleVoter that deals with prefix "BF_" and configure it as one of the decision voter list for the accessDecisionManager.

Thanks,
Dinesh

By: Venu

Venu — Tue, 09 Mar 2010 07:56:41 +0000

Can any one explain about "SwitchUser feature of Spring Security" in Spring3.0.x ?
Can you suggest me any online tutorials about "SwitchUser feature of Spring Security" in Spring3.0.x ?

Thanks In Advance

Thanks && Regards
Venu.K

By: Customizing SpringSecurity to protect each button of a page using Grails Acegi plugin « Felipe Cypriano

Wed, 14 Oct 2009 22:37:04 +0000

[...] The solution is fully based on SpringSecurity capabilities and should work on every project that uses it independent of plugins or frameworks that I use. Since spring security plugin does the hard work for us, we just need to create two more classes besides acegi's default user and role and extends UserDetailsService interface. This is based on zk_sample project and is a database implementation of this article by Oleg Zhurakousky. [...]

By: Felix

Felix — Wed, 16 Sep 2009 09:31:24 +0000

i hope you can help me with my problem or point me to where i can. im new to implementing spring and spring security

our security requirement goes like this. once a user logs into the application we will do a check to see if he has more than 1 role. if the user has more than 1 role we will show a page of the roles that the user has and ask the user to select the role that he wanted for that session.

i already created a subclass of the userdetails object and when the user selected the role i will modify the user object setAuthorities.

when doing this:
User user = (User) authentication.getPrincipal();
GrantedAuthority[] grarray=user.getAuthorities();

it is returning the updated Authorities but when doing this on the JSP page:

the "remove role" role not selected is still being seen which im expecthing should not since it is not in the userdetails anymore…

i hope you could help me. thanks a lot in advance.

By: gio2375

gio2375 — Fri, 17 Jul 2009 15:16:47 +0000

Great article Thanks very much. You saved me a lot of time. I've to do a little modify to make it working... Spring in security tags take account of only strings that start with "ROLE" and then our Businness functions that starts with "BF" are ignored. To avoid this I've set rolePrefix to "". That's the code: Giovanni

By: Vishal

Vishal — Tue, 14 Jul 2009 13:53:35 +0000

I have little different scenario.
– In my the case password stored in DB is in encrypted form.
– I have implemented 'UserDetailsService' so I need to give the implementation of loadUserByUsername(String username) method. But in this method, we get only the username that user has entered on login page. How can I get the password?

If somehow I get the password then I will encrypt the password and pass it to User (org.springframework.security.userdetails.User) Object.

By: Anand

Anand — Thu, 04 Jun 2009 14:30:31 +0000

intercept-url pattern="/index.htm*" access="ROLE_ADMIN" /