Acegi Security allows you to specify a role prefix in its configuration. Where the role prefix appears in the configuration varies according to your security back-end. Some modifications are required regardless of security back-end; those are covered first. The remaining sections cover specific security back-ends and should be used where applicable. In the examples that follow, MY_ROLE_PREFIX_ is the prefix that will be used.

For All Security Back-ends

In order for RoleVoter to determine if it "supports" a particular type of decision, it references its rolePrefix property. Be sure to set this to your prefix or use value="" if no prefix is used.

applicationContext-common-authorization.xml
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
  <property name="rolePrefix" value="MY_ROLE_PREFIX_" />
</bean>

pentaho.xml
<acl-publisher>
  <default-acls>
    <acl-entry role="MY_ROLE_PREFIX_ADMIN" acl="ADMIN_ALL" />
    <acl-entry role="MY_ROLE_PREFIX_CTO" acl="ADMIN_ALL" />
    <acl-entry role="MY_ROLE_PREFIX_DEV" acl="EXECUTE_SUBSCRIBE" />
    <acl-entry role="MY_ROLE_PREFIX_AUTHENTICATED" acl="EXECUTE" />
  </default-acls>
</acl-publisher>

<acl-voter>

  <admin-role>MY_ROLE_PREFIX_ADMIN</admin-role>

</acl-voter>

<anonymous-authentication>
  <anonymous-user>anonymous</anonymous-user>
  <anonymous-role>MY_ROLE_PREFIX_ANONYMOUS</anonymous-role>
</anonymous-authentication>

applicationContext-acegi-security.xml
<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
  <property name="key" value="foobar" />
  <property name="userAttribute" value="anonymousUser,MY_ROLE_PREFIX_ANONYMOUS" />
</bean>

<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">

  <!-- omitted -->

  <property name="objectDefinitionSource">
    <value>
    <![CDATA[
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /login*=MY_ROLE_PREFIX_ANONYMOUS,MY_ROLE_PREFIX_AUTHENTICATED

    ...omitted...

    /**=MY_ROLE_PREFIX_AUTHENTICATED
    ]]>
    </value>
  </property>
</bean>
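
Because the same prefix has to appear in several files, a role name that was missed in one of them is easy to overlook. The following check is an added example, not part of the original page or of Pentaho or Acegi: it lists role names in pentaho.xml and in the objectDefinitionSource rules that do not start with the prefix. The sample inputs, the wrapper root element, the /admin/** rule and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

PREFIX = "MY_ROLE_PREFIX_"  # the prefix used throughout this page

# Constructed samples shaped like the page's pentaho.xml and URL rules (root
# element name assumed); ROLE_DEV and ROLE_ADMIN are deliberate mistakes.
PENTAHO_XML = """<pentaho-system>
  <acl-publisher><default-acls>
    <acl-entry role="MY_ROLE_PREFIX_ADMIN" acl="ADMIN_ALL" />
    <acl-entry role="ROLE_DEV" acl="EXECUTE_SUBSCRIBE" />
  </default-acls></acl-publisher>
  <acl-voter><admin-role>MY_ROLE_PREFIX_ADMIN</admin-role></acl-voter>
  <anonymous-authentication>
    <anonymous-role>MY_ROLE_PREFIX_ANONYMOUS</anonymous-role>
  </anonymous-authentication>
</pentaho-system>"""

URL_RULES = """
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login*=MY_ROLE_PREFIX_ANONYMOUS,MY_ROLE_PREFIX_AUTHENTICATED
/admin/**=ROLE_ADMIN
/**=MY_ROLE_PREFIX_AUTHENTICATED
"""

def pentaho_roles(xml_text):
    """Role names from acl-entry/@role, admin-role and anonymous-role."""
    root = ET.fromstring(xml_text)
    roles = [e.get("role", "") for e in root.iter("acl-entry")]
    for tag in ("admin-role", "anonymous-role"):
        roles += [e.text.strip() for e in root.iter(tag) if e.text]
    return roles

def url_rule_roles(rules_text):
    """Role names to the right of '=' in each pattern=ROLE,ROLE line."""
    roles = []
    for line in rules_text.splitlines():
        _pattern, sep, attrs = line.strip().partition("=")
        if sep:  # directive lines and blank lines have no '='
            roles += [a.strip() for a in attrs.split(",") if a.strip()]
    return roles

def missing_prefix(roles, prefix=PREFIX):
    """Sorted, de-duplicated role names that do not start with the prefix."""
    return sorted({r for r in roles if not r.startswith(prefix)})

if __name__ == "__main__":
    print(missing_prefix(pentaho_roles(PENTAHO_XML) + url_rule_roles(URL_RULES)))
```

With an empty prefix (the value="" case above) every role name passes, so the check reports nothing.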

Memory

applicationContext-acegi-security-memory.xml
<bean id="userMap" class="java.lang.String">
  <constructor-arg type="java.lang.String">
    <value>
    <![CDATA[
    joe=password,MY_ROLE_PREFIX_CEO,MY_ROLE_PREFIX_ADMIN,MY_ROLE_PREFIX_USER,MY_ROLE_PREFIX_AUTHENTICATED

    ...omitted...

    ]]>
    </value>
  </constructor-arg>
</bean>

applicationContext-pentaho-security-memory.xml
<bean id="inMemoryUserRoleListService" class="com.pentaho.security.memory.InMemoryUserRoleListService">

<!-- omitted -->

  <property name="allAuthorities">
    <list>
      <bean class="org.acegisecurity.GrantedAuthorityImpl">
        <constructor-arg value="MY_ROLE_PREFIX_AUTHENTICATED" />
      </bean>

      <!-- omitted -->
    </list>
  </property>

  <!-- omitted -->

</bean>

Relational Database (JDBC)

There is no additional configuration required to use role prefixes. However, be sure that your roles are stored in your database with the prefixes!

Directory (LDAP)
