Protecting URLs
If one attempted to differentiate between web resource authorization and domain object authorization, one could say that web resource authorization is more coarse-grained. It protects web resources, all of which are uniquely identified by a URL. URLs can point to static resources like images or they can point to dynamic resources such as the pages of a web application. Web resource authorization, as used in this document, deals with the latter. It is referred to as coarse-grained because it doesn't enforce security on the methods or object instances that are involved in dynamically creating a web page. That's not to say that one can't have finer-grained control using domain object authorization; it's just that web resource authorization is the first security gate through which a user must pass.
Protecting URLs with Spring Security
The Pentaho BI Platform comes out-of-the-box using a configuration setup very similar to the Spring Security Contacts Sample Application. This sample comes with the Spring Security download. The platform uses a standard Spring Security setup that is well-documented in the Spring Security documentation.
Warning: All characters between the \A and \Z must be lowercase in order for a match to occur.
...
```xml
<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager">
    <ref local="authenticationManager" />
  </property>
  <property name="accessDecisionManager">
    <ref local="httpRequestAccessDecisionManager" />
  </property>
  <!-- URL patterns are tested in order; the first match supplies the required roles -->
  <property name="objectDefinitionSource">
    <value>
      <![CDATA[
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        // some lines omitted
        \A/login.*\Z=Anonymous,Authenticated
        \A/j_acegi_security_check.*\Z=Anonymous,Authenticated
        \A/admin.*\Z=Admin
        // some lines omitted
        \A/logout.*\Z=Anonymous
        \A/.*\Z=Authenticated
      ]]>
    </value>
  </property>
</bean>

<bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
  <property name="allowIfAllAbstainDecisions" value="false" />
  <property name="decisionVoters">
    <list>
      <ref bean="roleVoter" />
    </list>
  </property>
</bean>
```
```xml
<!-- Empty rolePrefix: role names are compared as written, without the default ROLE_ prefix -->
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
  <property name="rolePrefix" value="" />
</bean>
```
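The following added example (an audit model written for this page, not Pentaho or Spring Security code) replays the rule list from the `filterInvocationInterceptor` bean to show first-match evaluation and why the lowercase warning matters. The `/Reports` rule is constructed for illustration and the function names are hypothetical.

```python
import re

# Rules copied from the objectDefinitionSource above, plus one constructed
# mixed-case rule (/Reports, not from the page) to show the lowercase pitfall.
RULES_TEXT = r"""
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/Reports.*\Z=Admin
\A/login.*\Z=Anonymous,Authenticated
\A/j_acegi_security_check.*\Z=Anonymous,Authenticated
\A/admin.*\Z=Admin
\A/logout.*\Z=Anonymous
\A/.*\Z=Authenticated
"""

def parse_rules(text):
    """Return (lowercase_flag, [(pattern_text, [roles])]) in file order."""
    lowercase, rules = False, []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("//"):
            continue  # blank lines and // comments carry no rule
        if line == "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON":
            lowercase = True
            continue
        pattern, _, roles = line.rpartition("=")
        rules.append((pattern, [r.strip() for r in roles.split(",")]))
    return lowercase, rules

def required_roles(url, lowercase, rules):
    """Roles of the first rule whose pattern matches; None if nothing matches."""
    path = url.lower() if lowercase else url
    for pattern, roles in rules:
        if re.match(pattern, path):
            return roles
    return None

def is_allowed(url, granted, lowercase, rules):
    """Single RoleVoter with empty rolePrefix: any one listed role grants access."""
    roles = required_roles(url, lowercase, rules)
    # Assumption of this model: a URL matched by no rule is treated as denied.
    return roles is not None and any(r in granted for r in roles)

def unreachable_patterns(lowercase, rules):
    """With lowercasing on, a pattern containing an uppercase literal never matches."""
    if not lowercase:
        return []
    # Drop escapes such as \A and \Z before looking for uppercase characters.
    return [p for p, _ in rules if any(c.isupper() for c in re.sub(r"\\.", "", p))]
```

In this model a request for `/Reports/q1` skips the mixed-case rule and is decided by the catch-all `\A/.*\Z=Authenticated`, so running `unreachable_patterns` over a rule list before deployment catches rules that would silently protect nothing.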