Well that's a pretty old approach and that's for Method Level Security.
Using Java > 5.0 you can do this using either Springs @Secured or JSR 250
@RolesAllowed annotations.
What I'd like to do is using annotations for Web Level Security, i.e. use it
together with Springs @Controller and @RequestMapping annotations in order
to have not one big security.xml file which holdes all URL patterns, but
define access roles directly in the Controller.
On Fri, Sep 19, 2008 at 4:55 PM, Martin Homik <[EMAIL PROTECTED]> wrote:
>
> According to "Spring in Action" (p. 303) you can use annotations such as::
>
> /**
> * @@org.acegisecurity.SecurityConfig("ROLE_ADMIN")
> */
>
> public void doSomethingSecure() {
> //
> }
>
>
> Note, acegisecurity is springsecurity today.
>
> It might not be supported out of the box. Then, you need to
> 1. add a CommonsAttribute bean to your application context
> 2. add a MethodDefinitionsAttributes object definition source
> 3. wire the objectDefinitionSource bean into the objectDefinitionSource
> property
> of MethodSecurityInterceptor.
>
> Hope these hints help.
>
> Cheers,
> Martin
>
>
>
> Michael Duergner wrote:
> >
> > Do you think it's worth trying from your professional point of view?
> > I think it should be a patch for spring security if it's not possible
> > out-of-the box as far as I can say by now.
> >
> > On Fri, Sep 19, 2008 at 8:00 AM, Matt Raible <[EMAIL PROTECTED]>
> > wrote:
> >
> >> I believe it is possible, but I've never done it myself. If it's not
> >> available out-of-the-box, I'm sure you could add it.
> >>
> >> Matt
> >>
> >> On Thu, Sep 18, 2008 at 6:07 PM, Michael Duergner
> >> <[EMAIL PROTECTED]> wrote:
> >> > Hi all,
> >> > I was wondering if there is already a way to define web level security
> >> by
> >> > using annotations when using Spring Security. What I'd like to do is
> to
> >> move
> >> > the rule inside the <http> Container in security.xml into the
> >> Controller
> >> > Classes by using annotations. As it's possible for method level
> >> security
> >> it
> >> > should be possible for web level security also or is there a problem I
> >> don't
> >> > see.
> >> > I think it would make the application much easier to manage, as
> >> security.xml
> >> > would only hold basic configuration (and maybe a default security
> >> policy
> >> > e.g. require ROLE_USER by default for every page unless otherwise
> >> specified
> >> > by annotations).
> >> > --
> >> > Michael Dürgner
> >> >
> >>
> >
> >
> >
> > --
> > Michael Dürgner
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Using-annotations-for-web-security-tp19563963s2369p19573984.html
> Sent from the AppFuse - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
--
Mit freundlichen Grüßen / With kind regards
Michael Dürgner
