According to "Spring in Action" (p. 303) you can use annotations such as::
/**
* @@org.acegisecurity.SecurityConfig("ROLE_ADMIN")
*/
public void doSomethingSecure() {
//
}
Note, acegisecurity is springsecurity today.
It might not be supported out of the box. Then, you need to
1. add a CommonsAttribute bean to your application context
2. add a MethodDefinitionsAttributes object definition source
3. wire the objectDefinitionSource bean into the objectDefinitionSource
property
of MethodSecurityInterceptor.
Hope these hints help.
Cheers,
Martin
Michael Duergner wrote:
>
> Do you think it's worth trying from your professional point of view?
> I think it should be a patch for spring security if it's not possible
> out-of-the box as far as I can say by now.
>
> On Fri, Sep 19, 2008 at 8:00 AM, Matt Raible <[EMAIL PROTECTED]>
> wrote:
>
>> I believe it is possible, but I've never done it myself. If it's not
>> available out-of-the-box, I'm sure you could add it.
>>
>> Matt
>>
>> On Thu, Sep 18, 2008 at 6:07 PM, Michael Duergner
>> <[EMAIL PROTECTED]> wrote:
>> > Hi all,
>> > I was wondering if there is already a way to define web level security
>> by
>> > using annotations when using Spring Security. What I'd like to do is to
>> move
>> > the rule inside the <http> Container in security.xml into the
>> Controller
>> > Classes by using annotations. As it's possible for method level
>> security
>> it
>> > should be possible for web level security also or is there a problem I
>> don't
>> > see.
>> > I think it would make the application much easier to manage, as
>> security.xml
>> > would only hold basic configuration (and maybe a default security
>> policy
>> > e.g. require ROLE_USER by default for every page unless otherwise
>> specified
>> > by annotations).
>> > --
>> > Michael Dürgner
>> >
>>
>
>
>
> --
> Michael Dürgner
>
>
--
View this message in context:
http://www.nabble.com/Using-annotations-for-web-security-tp19563963s2369p19573984.html
Sent from the AppFuse - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
