In my java based web application user want to add his URLs in the application. I have used spring security which picks users as well as some predefined URLs from database. Now if user want to add new URL and allow his own URL ( which is not in my secured URL list) I may need to put that URL in DB, restart the application and then user will login and hen he can access that URL. I want user can provide this URL at run time and will just log out and log in. Spring security should authorize that URL.
Asked
Active
Viewed 409 times
1 Answers
1
Store your url and authority rules in a domain class which implements DefaultFilterInvocationSecurityMetadataSource -- Requestmap table, which can be updated dynamically.
coderLMN
- 3,076
- 1
- 21
- 26
-
But when application is deployed at that time bean of DefaultFilterInvocationSecurityMetadataSource will be created. and it will fetch all URLs from DB. When application is up and user wants to add new URL how can I add that URL in the object of DefaultFilterInvocationSecurityMetadataSource hold in the bean. As per my info. we should not modify bean definition once it is deployed as it may have dependent beans also. – Anant Navagale Dec 27 '12 at 12:01
-
You can define your domain class which implements it. This is some details about how to persist these rules: http://stackoverflow.com/questions/6893061/how-to-dynamically-decide-intercept-url-access-attribute-value-in-spring-secur – coderLMN Dec 27 '12 at 15:59