Quantcast

hundreds of url and perms relationship management

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

hundreds of url and perms relationship management

yulei
This post has NOT been accepted by the mailing list yet.
My webapp has hundreds of url,most of them need   protected by "perms[foo:xxx]" Filter,each of the "foo:xxx" is different .

I need to write hundreds line of /moduleA/EntityB/OperateC=perms[moduleA:EntityB:OperateC].

can [urls] info be stored in a database ?
Maybe there should be a Realm for urls ?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: hundreds of url and perms relationship management

jleleu
Hi,

A realm authenticates a user and retrieves authorizations for a user, without taking into account the current url.

There is a filter to check permissions accesses : the PermissionsAuthorizationFilter.
According to your security configuration, the filter is applied to the incoming url.

For your problem, I would create a specific filter, apply it to a more generic url :
/moduleA/** = superPermissionsFilter

This superPermissionsFilter would inherit from the AuthorizationFilter class and would override the isAccessAllowed method.
This method would be closed to the isAccessAllowed method in the PermissionsAuthorizationFilter class, just replacing the line :
        String[] perms = (String[]) mappedValue;
by :
        String[] perms = readPermissionsFromDatabaseAccordingToTheUrl(request);
and creating this readPermissionsFromDatabaseAccordingToTheUrl method to load from database (or weherever you want, use cache if necessary) the right permissions according to the url.

Best regards,
Jérôme
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: hundreds of url and perms relationship management

yulei
,Thank you!
Loading...