tags:

views:

112

answers:

1
Q: 

implement acl on field in spring security

Hi!

I would like implement spring acl for my object fields.

does anyone has an idea what do i have to implment for it?

for example, i have Purchase object.

i would like admin_role to have read on all the fields, and secretary_role to have read only on username and address field

A: 

Can you clarify at what point you need the security?

If this is part of a webapp, I frequently use stripes security interceptors in combination with spring to control access to what the user sees based on role.

If it's not part of a webapp and you're looking to control what a user can change there's a number of methods available from custom annotations to database control. I've found the project itself usually dictates which path I should follow.

Quotidian  2010-05-06 13:37:43
hi!it's a web application.I use jsf. and i need to secure the object fields that are displayed on the screen.for example, i have an object called worker. i will display a list of workers in a table. if the role that entered is admin_role, he will view all the fields.it the role that entered is a secretary_role, he will view only the name and address field (i don't want him to see the salary of the worker).
Odelya  2010-05-06 17:25:36

related questions

Acegi/Spring Security Grails plug-in not seeing changes to a User instance
different DelegatingFilterProxy and FilterToBeanProxy
How to immediately enable the authority after update user authority in spring security?
springdoclet usage?
Grails Security Problem and Search Engine optimization
Spring Security: Advice needed on how to handle GrantedAuthority
Why is my (Spring Security) servlet filter getting called twice?
Grails Acegi Plugin springsecurity.GrailsDaoImpl - User [admin] has no GrantedAuthority
Spring Security: What is the UserDetailsManager interface used for? And more!
Combining namespace based configuration with different authentication methods in spring-security
Spring Security: Custom Authentication Provider for 'one time password' and 'securit questions'
Spring Security: How to get the initial target url
Permissions checking in server-side API
Cannot locate 'org.springframework.security.annotation.Jsr250MethodDefinitionSource'
How to grant access for all authenticated users?
Spring embedded ldap server in unit tests
What are some good sample applications using Spring and Hibernate?
Problem migrating Spring Web App from tomcat 5.5 to tomcat 6.0
How to throw an informative exception from AccessDecisionManager that uses voters
How can I determine what roles are required to access a URL with Spring Security?
Creating a custom authentication with Acegi/Spring Security
Unit testing with Spring Security
Securing Remote Access over JMXMP with Spring Security
When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?
Spring security: adding "On unsuccessful login event listener"