Versions Compared

Old Version 5

changes.mady.by.user Former user

Saved on

compared with

New Version 6

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

Below, a FilterSecurityInterceptor is defined along with an AccessDecisionManager. The two beans are associated through the accessDecisionManager property. The objectDefinitionSource property associates URL patterns with the role required to view pages that match the URL pattern. RoleVoter specifies that if any role on the right hand side of the equals is granted to the user, the user may view any page that matches that URL pattern.

Code Block
xml
xml
titleapplicationContext-spring-security.xmlxml
<bean id="filterInvocationInterceptor"
  class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager">
    <ref local="authenticationManager" />
  </property>
  <property name="accessDecisionManager">
    <ref local="httpRequestAccessDecisionManager" />
  </property>
  <property name="objectDefinitionSource">
    <value>
      <![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
// some lines omitted
\A/login.*\Z=Anonymous,Authenticated
\A/admin.*\Z=Admin
// some lines omitted
\A/logout.*\Z=Anonymous
\A/.*\Z=Authenticated
        ]]>
      </value>
    </property>
  </bean>

<bean id="httpRequestAccessDecisionManager"
  class="org.springframework.security.vote.AffirmativeBased">
  <property name="allowIfAllAbstainDecisions" value="false" />
  <property name="decisionVoters">
    <list>
      <ref bean="roleVoter" />
    </list>
  </property>
</bean>
Code Block
xml
xml
titleapplicationContext-common-authorization.xmlxml
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
  <property name="rolePrefix" value="" />
</bean>