hundreds of url and perms relationship management

My webapp has hundreds of url,most of them need   protected by "perms[foo:xxx]" Filter,each of the "foo:xxx" is different .

I need to write hundreds line of /moduleA/EntityB/OperateC=perms[moduleA:EntityB:OperateC].

can [urls] info be stored in a database ?
Maybe there should be a Realm for urls ?

Hi,

A realm authenticates a user and retrieves authorizations for a user, without taking into account the current url.

There is a filter to check permissions accesses : the PermissionsAuthorizationFilter.
According to your security configuration, the filter is applied to the incoming url.

For your problem, I would create a specific filter, apply it to a more generic url :
/moduleA/** = superPermissionsFilter

This superPermissionsFilter would inherit from the AuthorizationFilter class and would override the isAccessAllowed method.
This method would be closed to the isAccessAllowed method in the PermissionsAuthorizationFilter class, just replacing the line :
        String[] perms = (String[]) mappedValue;
by :
        String[] perms = readPermissionsFromDatabaseAccordingToTheUrl(request);
and creating this readPermissionsFromDatabaseAccordingToTheUrl method to load from database (or weherever you want, use cache if necessary) the right permissions according to the url.

Best regards,
Jérôme

,Thank you!