Comments on: Spring Security customization (Part 2 – Adjusting secured session in real time) http://blog.springsource.org/2009/01/02/spring-security-customization-part-2-adjusting-secured-session-in-real-time/ The voice of SpringSource Wed, 08 Feb 2012 17:31:53 +0000 hourly 1 http://wordpress.org/?v=3.1.1 By: adam http://blog.springsource.org/2009/01/02/spring-security-customization-part-2-adjusting-secured-session-in-real-time/comment-page-1/#comment-201977 adam Fri, 09 Sep 2011 17:28:45 +0000 http://blog.springsource.com/?p=910#comment-201977 Hey, awesome article. Question: these two articles were written under the auspices of early Spring 2.x. Do they still completely apply for 3.x? If not, what would the changes be? Thanks. --adam Hey, awesome article. Question: these two articles were written under the auspices of early Spring 2.x. Do they still completely apply for 3.x? If not, what would the changes be? Thanks.

–adam

]]> By: technoChord » Adding Aspects in a Running Web Application http://blog.springsource.org/2009/01/02/spring-security-customization-part-2-adjusting-secured-session-in-real-time/comment-page-1/#comment-178327 technoChord » Adding Aspects in a Running Web Application Mon, 08 Nov 2010 17:07:28 +0000 http://blog.springsource.com/?p=910#comment-178327 [...] by this great [...] [...] by this great [...]

]]> By: Aamir http://blog.springsource.org/2009/01/02/spring-security-customization-part-2-adjusting-secured-session-in-real-time/comment-page-1/#comment-176162 Aamir Thu, 09 Sep 2010 13:12:53 +0000 http://blog.springsource.com/?p=910#comment-176162 Hey Oleg, Great article! I was looking to do exactly this - i.e. write a custom AccessDecisionVoter, and you provide an excellent example here! Thanks. Hey Oleg,
Great article!
I was looking to do exactly this – i.e. write a custom AccessDecisionVoter, and you provide an excellent example here!

Thanks.

]]> By: Oleg Zhurakousky http://blog.springsource.org/2009/01/02/spring-security-customization-part-2-adjusting-secured-session-in-real-time/comment-page-1/#comment-140566 Oleg Zhurakousky Mon, 12 Jan 2009 13:37:56 +0000 http://blog.springsource.com/?p=910#comment-140566 You can absolutely accomplish the same thing by adding a security filter, interceptor or anything else that can have access to the list of Granted Authorities. To me the main reason behind doing it this way is because it resembles a human like way of making a decision, thus easy to understand and therefore in my belief is more appropriate then any other way. As far as switching to UnanimousBased ADM, it is my strong belief that security must be based on very conservative principals "close all doors and open one by one" instead of "open all doors and close one at the time when problems occur" Oleg You can absolutely accomplish the same thing by adding a security filter, interceptor or anything else that can have access to the list of Granted Authorities.
To me the main reason behind doing it this way is because it resembles a human like way of making a decision, thus easy to understand and therefore in my belief is more appropriate then any other way.

As far as switching to UnanimousBased ADM, it is my strong belief that security must be based on very conservative principals "close all doors and open one by one" instead of "open all doors and close one at the time when problems occur"

Oleg

]]> By: Sarath Chandra http://blog.springsource.org/2009/01/02/spring-security-customization-part-2-adjusting-secured-session-in-real-time/comment-page-1/#comment-140556 Sarath Chandra Mon, 12 Jan 2009 13:22:49 +0000 http://blog.springsource.com/?p=910#comment-140556 Loved both the articles. I wasn't aware of Voting based BL Security Context management. We used filters to manually override and modify security context. I remember, vaguely, at that time, that to add or remove grantedAuthorities to a user, we had to copy the list and reset(I believe the list was unmutable, Not sure if it changed now). However, would you mention how different (other than the above) would it be to use AcessDecisionManager instead of Spring managed Filters or Intersceptors? I believe, Interceptors and/or Filters are much easier to comprehend for even a normal spring devloper. Any other advantages of this pattern/abstraction? -Sarath http://blog.sarathonline.com/search/label/spring Loved both the articles. I wasn't aware of Voting based BL Security Context management. We used filters to manually override and modify security context. I remember, vaguely, at that time, that to add or remove grantedAuthorities to a user, we had to copy the list and reset(I believe the list was unmutable, Not sure if it changed now).

However, would you mention how different (other than the above) would it be to use AcessDecisionManager instead of Spring managed Filters or Intersceptors? I believe, Interceptors and/or Filters are much easier to comprehend for even a normal spring devloper. Any other advantages of this pattern/abstraction?

-Sarath
http://blog.sarathonline.com/search/label/spring

]]>