role 1 « Security « Spring Q&A





1. How do I use custom roles/authorities in Spring Security?    stackoverflow.com

While migrating a legacy application to spring security I got the following exception:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainProxy': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with ...

2. Spring Security Access role    stackoverflow.com

I have a j2ee web application running on spring web flow using spring security. How do I change during runtime my Role saved in the session?

3. How to change granted role temporarily to achieve "view the site as" someone else    stackoverflow.com

We are using 2.x spring security right now. I am asked to build an admin tool so that the ROLE_ADMIN can change to any user in the site and view the ...

4. Is there an alternative to hierarchical Spring security roles?    stackoverflow.com

Can Spring roles only be defined in relative hierarchical terms as in this example? Is there any way to define the roles in absolute terms?

<beans:bean id="roleHierarchy"
    class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl">
   ...

5. How can I set an Admin/Superuser role to have complete access using Spring Security?    stackoverflow.com

I want to limit access to directories based on roles, e.g.,:

<intercept-url pattern="/foo/**" access="hasRole('ROLE_FOO')"/>
<intercept-url pattern="/bar/**" access="hasRole('ROLE_BAR')"/>
But I also want a superuser role that can access everything, e.g., :
<intercept-url pattern="/**" access="hasRole('ROLE_SUPERUSER')"/>
Is there a ...

6. Spring Security Role Prefix and Custom User Details Service    stackoverflow.com

How do I set the role prefix to "" with a custom user details service in Spring?

    <beans:bean id="authService" class="com.cisco.badges.business.services.AuthenticationService"/>

<authentication-manager>
        <authentication-provider ...

7. Spring security - How to assign security roles to small groups?    stackoverflow.com

I'm using spring security and have wired it successfully to authenticate users based on roles defined in the authorites table. I've then protected my resources using AOP eg.

<security:global-method-security >
    ...

8. Spring Security : difference between ROLE_ANONYMOUS and IS_AUTHENTICATED_ANONYMOUSLY    stackoverflow.com

In Spring Security What's difference between ROLE_ANONYMOUS and IS_AUTHENTICATED_ANONYMOUSLY . In other words , how are RoleVoter and AuthenticatedVoter different ?

9. Spring security : Multiple roles for a single user    stackoverflow.com


My application needs me to define multiple roles for a single user . I have read Spring security with database and multiple roles? . Why should we ...





10. Changing authenticated user's granted role and authentication token in spring-security    stackoverflow.com

I'm trying to change auth token in session. Scenerio is; An anonymouse user reaches the main page and an AnonymousAuthenticationToken saved to session with ROLE_ANONYMOUS granted authorities.. But when he/she wants to ...

11. Is a group authority in Spring Security 3 simply a shortcut for grouping several roles into one?    stackoverflow.com

Every forum post or tutorial I can find appears to address groups and group authorities differently. The reference for Spring Security indicates that groups are simply a shortcut for grouping several ...

12. defining userroles with inheriting rights    stackoverflow.com

I'm currently looking into the spring-security framework - great stuff so far, pretty impressed. However, I haven't found out where or how to define a inheritance of permissions. e.g. I want the ROLE_ADMIN ...

13. spring security list of available roles    stackoverflow.com

I have been searching on google the list of available roles in spring security, but I haven't been able to get the complete list. ┬┐Could someone help me with this? This is what ...

14. Java: Spring security 3 Role hierarchy    stackoverflow.com

I am using Spring framework mvc 3 + spring security 3. I would like to enable role hierarchy in my spring security. According to http://static.springsource.org/spring-security/site/docs/3.1.x/reference/authz-arch.html i should write

<bean id="roleVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter">
  ...

15. How to get all roles from RoleHierarchyImpl    stackoverflow.com

I have a hierarchy of roles configured and working:

<beans:bean id="roleHierarchy"
    class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl">
    <beans:property name="hierarchy">
        <beans:value>
     ...

16. Spring Security ROLE_ prefix no longer needed?    stackoverflow.com

I was investigating on how to create custom role prefix until I realized that it doesn't matter. As long as my role from my db matches something like:

<security:intercept-url pattern="/person/myProfile/**" access= ...





17. [LazyInitializationException] failed to lazily initialize a collection of role: com.c    forum.springsource.org

Jan 29th, 2011, 12:35 AM #1 srinivas2828 View Profile View Forum Posts Private Message Junior Member Join Date Sep 2010 Posts 10 [LazyInitializationException] failed to lazily initialize a collection of role: ...

18. how to use spring security roles?    forum.springsource.org

19. Role Based authenctication    forum.springsource.org

Hi , I am new to spring community . I'm trying to extend this SpringCustomloginCommand but it throws up an error on server startup stating that its unable to initialize the ...

20. avoid hardcoding ROLE_xxx    forum.springsource.org

avoid hardcoding ROLE_xxx Hi all, in my spring config I have the following :

21. Specifying security role    forum.springsource.org

22. Help required in designing a role based security implementation for a new requirement    forum.springsource.org

Help required in designing a role based security implementation for a new requirement Hi, I am very much new to Spring AOP, whereas used spring as IOC container, and dependency injection ...

23. Role Based screen using psring    forum.springsource.org

I want to develop a project which is based on the role. If a particular user logs in based on his roles menu has to changed. and admin user dynamically can ...

25. Invalidate users when there're modifications in the users or in the roles    forum.springsource.org

Invalidate users when there're modifications in the users or in the roles Hello, We have an application with the users and their roles stored in a database that can be managed ...

26. Role based security and Spring    forum.springsource.org

Role based security and Spring We are exploring the possibility of using ACEGI security framework in our Spring/Hibernate based application. Some of the basic requirements are that: 1. Role based security ...

27. Groups and Roles    forum.springsource.org

Groups and Roles Hi, I am planning to use Acegi in an application that has a need to split users in groups. Ive noticed there seems to be some mixing in ...

28. Multiple Roles with OR (instead of AND) ?    forum.springsource.org

Quoting http://acegisecurity.sourceforge.net...ision-managers: There are three concrete AccessDecisionManagers provided with the Acegi Security System for Spring that tally the votes. The ConsensusBased implementation will grant or deny access based on the consensus ...

29. Role prefix    forum.springsource.org

Role prefix Hi, I am starting with Acegy Security and I have come accros this: I took the sample application and tried to modify the names of the roles not to ...

30. Let's say I want to build a blog (Newbie question on roles?)    forum.springsource.org

Let's say I want to build a blog (Newbie question on roles?) Hello everyone, I'm just starting to experiment with Acegi, guided by the "Spring in Action" book. A quick question: ...

31. Acegi can't surpport the concepts:role & usergroup?    forum.springsource.org

I am a freshman at Acegi ,I want to know if Acegi can surpport the concepts:role & usergroup. if Acegi can,how to do with it? bye

32. Default authenticated Role    forum.springsource.org

Is it possible to secure the pages and allow access to all the authenicated users? I want the security enforcement not based on roles but whether the user is logged in ...

33. Only Role Based security!!!!!!!!????????    forum.springsource.org

Only Role Based security!!!!!!!!???????? I have tried to give a quick review over acegi and so far I have only seen all the security is based on Roles which are defined ...

34. Is a blank allowed in a Role name?    forum.springsource.org

Is a blank allowed in a Role name? Hi, by default, the role name starts with ROLE_. Through configuration, I can disable it. Now I want to have a role name ...

35. roles    forum.springsource.org

hi guys, a bit confused here. /secure/main/*=ROLE_ADMIN,ROLE_APP /secure/app/*=ROLE_APP if the user has granted authority of ROLE_APP only he can't access main. is this the default behaviour? or should i add ROLE_ADMIN ...

36. ACEGI Security Roles    forum.springsource.org

I am having difficulties with setting up Http and Https channels for a web page. I set /xxxx.html=ROLE_ANONYMOUS /xxxx.html=REQUIRES_INSECURE_CHANNEL for that page, I can access the page using http channel but ...

37. Is ROLE_* necessary?    forum.springsource.org

Is ROLE_* necessary? As I began developing I used to use S,A,T,O,I to indicate the various roles that were in my system, when I tried deploying the process would fail, renaming ...

38. ROLE Question    forum.springsource.org

ROLE Question I have integrated Acegi into my application and am now trying to assign roles. I want two roles 1)Regular User 2)View only user. I was planning on using the ...

39. excluding files from requirng roles    forum.springsource.org

Can anyone advise me how to exclude a file from requiring a role in order to access it ? I have all of my jsp files in the same directory and ...

40. Acegi running fine. Howto add roles, ...    forum.springsource.org

Acegi running fine. Howto add roles, ... Hi everyone, I'm learning Spring (and I'm really enjoying it so far), but the really hard part for me is getting security running as ...

41. Can a common role be specified automatically?    forum.springsource.org

Can a common role be specified automatically? I have a web app with a security-context.xml configured with a filter security interceptor as follows: Code:

42. Best practice recommendation regarding role based views    forum.springsource.org

Best practice recommendation regarding role based views Hi, is there a recommended practice creating a login based web app with multiple views based on the role of the logged in user? ...

43. Role caching problem    forum.springsource.org

I think it's a caching problem but I'm not sure. If I try to log in as a user who's not authorized to access certain url I get 403 as expected. ...

44. Advanced role management    forum.springsource.org

Advanced role management Hello, I am a happy user of acegi. On big enterprise applications it can be complicated to manage user permissions. Suppose I have several companies on an document ...

45. Hierachy of roles    forum.springsource.org

Hierachy of roles How woud u implement an hierachy of roles with acegi 0.8.x? Objective: - ROLE_CHILD extends ROLE_PARENT - All users whose role is ROLE_CHILD inherit the rights of ROLE_PARENT ...

46. different ROLEs with Basic authentication?    forum.springsource.org

Jan 10th, 2006, 08:49 PM #1 lumpynose View Profile View Forum Posts Private Message Senior Member Join Date May 2005 Location California, US Posts 735 different ROLEs with Basic authentication? I'm ...

47. Listing all Roles or Listing all Users    forum.springsource.org

Listing all Roles or Listing all Users I have requirements similar to that of a file management system. Users are allowed to create content (in the folders they have write access ...

48. user role problem    forum.springsource.org

user role problem I am using acegi 0.8.3 and form based authentication. When finished the authentication process, I dont get the expected "admin" role. Below is my configuration:

Always return true on isUserInRole("SOME_ROLE") Hi, I know this might not be the right place to ask this, but I hope someone can help. I find the people here really helpful ...

55. acegi fails when multiple roles are specified    forum.springsource.org

acegi fails when multiple roles are specified Hi, This is very frustrating, my security interceptor bean looks like this

56. After invocation security for ROLE_SUPERUSER    forum.springsource.org

After invocation security for ROLE_SUPERUSER I wish the ROLE_SUPERUSER to have access to all domain object after the "after invocation filtering". I checked the BasicAclEntryAfterInvocationCollectionFilteringPro vider.decide-method and discovered that it reads ...

57. Best practice to implement role-based views?    forum.springsource.org

Best practice to implement role-based views? Hi, i'm new to acegi security. As far as i can see it provides a very flexible system for securing applications and i want to ...

58. Role name requirements elude me    forum.springsource.org

Role name requirements elude me I am trying to wire a MethodSecurityInterceptor with its objectDefinitionSource and for the first time I tried using role names other than what is in all ...

59. Multiple roles    forum.springsource.org

There are three concrete AccessDecisionManagers provided with the Acegi Security System for Spring that tally the votes. The ConsensusBased implementation will grant or deny access based on the consensus of non-abstain ...

60. Reloading user roles at runtime    forum.springsource.org

Hi, i have application where is possible that user roles will be changed during session. Is there any way how to reload user roles (granted authorities) for each HTTP invocation? I ...

61. Authentication w/out roles    forum.springsource.org

Authentication w/out roles I am attempting to work around a legacy authentication source that has no roles specified for users in the Roles table and, you guessed it, I am not ...

62. Profile-based UIs with Acegi and WebFacets, Hierarchical Roles    forum.springsource.org

Sep 19th, 2006, 09:05 AM #1 remi.vankeisbelck View Profile View Forum Posts Private Message Junior Member Join Date Sep 2006 Posts 24 Profile-based UIs with Acegi and WebFacets, Hierarchical Roles Hi ...

63. [ACEGI] ROLES conjonctions    forum.springsource.org

Hi, In my filterInvocationInterceptor, exactly in the objectDefinitionSource property, I would like to associate a resource to several roles. That is to say, I would like a resource to be accessed ...

64. Some roles and groups functionality in Acegi    forum.springsource.org

Some roles and groups functionality in Acegi Hello, I'm new to Acegi and I'm looking for answers to the following: is it possible to do the following on-th-fly in an app ...

65. What's difference between ROLE_ANONYMOUS and IS_AUTHENTICATED_ANONYMOUSLY    forum.springsource.org

The authentication settings are defined in AuthenticatedVoter. You can find the explaination of what these mean here. 29 /*** 30 * Votes if a {@link ConfigAttribute#getAttribute()} of IS_AUTHENTICATED_FULLY or 31 * ...

66. Roles Definition    forum.springsource.org

Hi! I've been reading thru most of Acegi docs and I have found lots of references to the ROLES that you want some Principal to have.. but I have a questions... ...

67. Role within a group    forum.springsource.org

Role within a group Hi all, I'm in need of some help. My database contains inventory belonging to multiple groups. A user can be a member of multiple groups. And the ...

68. Can roles names have spaces?    forum.springsource.org

I have a "roles" column in my legacy database that has some role names that contain spaces. "User" , "Admin User" , ...etc. Is there a way to express this with ...

69. Re-Authenticating When Roles Change    forum.springsource.org

Hi All, I was wondering what the best way is to handle this. Scenario: System Administrator edits a user role and the user whose role is currently logged in could possibly ...

70. how to configu acegi if my role does not start with ROLE_    forum.springsource.org

Jan 29th, 2007, 11:25 AM #1 wolverine88 View Profile View Forum Posts Private Message Junior Member Join Date Jan 2007 Posts 12 how to configu acegi if my role does not ...

71. abstract role binding    forum.springsource.org

I've got Acegi 1.0.3 setup for a web application I'm deploying to Tomcat 5.5.20. I've been accustomed to using WebSphere 5.0. I basically need to define abstract roles and then bind ...

72. user authentication (managing user roles)    forum.springsource.org

Hello. I'm new to Spring MVC. I want to make a simple user login for my web application (admin, client, simple users, etc..). I see that a lot of users of ...

73. Adding a New Role    forum.springsource.org

Adding a New Role Hi, I am trying to add a new role, ROLE_DEMO to the exisiting contacts example here is my security.xml Code:

74. Role Problem    forum.springsource.org

Mar 20th, 2007, 07:57 AM #1 stanley1610 View Profile View Forum Posts Private Message Senior Member Join Date Feb 2007 Posts 102 Role Problem There are three groups in my Active ...

75. Custom Access Denied Behavior per Role    forum.springsource.org

Custom Access Denied Behavior per Role Hi, Our Acegi solution is working great, but we want to add a specific behavior if the user tries to access to page that requires ...

76. Users, roles and now - functions    forum.springsource.org

Users, roles and now - functions My understanding of Acegi is that is basically works with users and roles. This means that when you use the custom tag to limit access ...

77. How to assign a role to authentication provider    forum.springsource.org

OK, I think I understood the idea behind runAsManager, but I can't make it work I still have an access denied message when runnning the getCompteUtilisateur method. Here is a part ...

78. What role for the services layer ?    forum.springsource.org

service layer is nothing but the middle ware between the dao layer and your presentation layer(ie call from controller).so controller will call methods in service layer and from service layer you ...

79. consult: type of roles    forum.springsource.org

In this example the only places the role definitions live is in the XML file. You can create as many roles as you want. All you need to do is ensure ...

80. Sophisticated role management - how to?    forum.springsource.org

Sophisticated role management - how to? Hello, I am about to build a new web application and there will exist 2 major roles like administrator and user. Those two roles can ...

81. SEVERE: failed to lazily initialize a collection of role:    forum.springsource.org

May 20th, 2007, 05:04 PM #1 M_arci_n View Profile View Forum Posts Private Message Junior Member Join Date May 2007 Posts 2 SEVERE: failed to lazily initialize a collection of role: ...

82. Conditional roles - what happened?    forum.springsource.org

I found a handful of threads here concerning conditional roles and some examples, and references to Alarmnummers blog. There was also some talk about integrating this with Acegi (about a year ...

83. Acegi allows access only when user has ALL roles associated ... not AT LEAST ONE    forum.springsource.org

Jul 15th, 2007, 08:55 AM #1 ij15nyc View Profile View Forum Posts Private Message Junior Member Join Date Jul 2007 Posts 2 Acegi allows access only when user has ALL roles ...

84. adding new roles in acegi    forum.springsource.org

adding new roles in acegi Guys, i'm having problem adding new roles in acegi. I know this is already been asked but I tried the proposed solutions and it didn't work. ...

85. Role based lists of Views and ApplicationPages    forum.springsource.org

Role based lists of Views and ApplicationPages Hi all, I got a new issue I currently don't knwo how to implement it exactly. With the current security controller model, it's possible ...

86. MethodInterceptor and more than one role    forum.springsource.org

MethodInterceptor and more than one role Hi! I work with Acegi for a while now, but there are still things coming up ;-(. In my current application I defined the methodInterceptor ...

87. how to authenticate user (without roles)    forum.springsource.org

how to authenticate user (without roles) dear all, Heres my question : I did a lot of searching around in forums and google without too much help. A User can have ...

88. Add a different role for each user?    forum.springsource.org

Hello. I'm a newby with acegi and I need advice from the experts. I have a web application where authenticated users, apart from belonging to one or more groups (roles) also ...

89. Value for Object Definition Source - ROLE_xxx is it mandatory    forum.springsource.org

Value for Object Definition Source - ROLE_xxx is it mandatory In the application context file, for the filter security interceptor i gave the different values other than ROLE_xxx for the object ...

90. are Conditional Roles implemented?    forum.springsource.org

Hi, I found a couple of old topics in this forum about a conditional RoleVoter supporting script expressions and I would like to know if it has been implemented in acegi ...

91. Roles vs. Principle    forum.springsource.org

Roles vs. Principle Hello, In my application , I try to use Acegi for secure Authentication and Authority. The user who log in with unique 'username' and 'password' possess two possible ...

92. Spring Role in Testing    forum.springsource.org

Spring Role in Testing I am doing login application using spring-hibernate,when i run the test case for the loginDao the bean given in the application-service and application-dao xml files is not ...

93. Adding roles programmatically...    forum.springsource.org

Adding roles programmatically... Hi, In my spring based application, I need to add a user role for some users, based on a condition. (If the password used to logon is the ...

94. Support hierarchical roles [SEC-232]    forum.springsource.org

The solution provided in SEC-232 is very very close to what we were looking for, and have also downloaded the files and are planning to implement it too, but we had ...

95. Problem using 10gAS with two Different Users with Different ROLES    forum.springsource.org

There's nothing obviously wrong with these logs. Can you see all the page requests being processed in the log? i.e. you don't have a browser caching issue?

96. How to use Acegi in User-Role-Privileges scenario    forum.springsource.org

How to use Acegi in User-Role-Privileges scenario Hi All, We are working on a web application which has following requirement: An User associated with a single Role each role ...

97. ACEGI Role Based Problem    forum.springsource.org

ACEGI Role Based Problem Hi All, I have a query how to implement using ACEGI and LDAP and Spring. I have a two users user1 and user2 and user1 belongs to ...

98. Tasklet's role moving to Step?    forum.springsource.org

Tasklet's role moving to Step? I have get the latest trunk, and found out that 'different type of Tasklet' have now become 'different type of Step'. In fact originally I planned ...

99. Spring Security not only based on roles    forum.springsource.org

Spring Security not only based on roles Hi How and where do I need to implement security that is not only based on roles? I have implemented Spring Security to add ...

100. acegi without roles?    forum.springsource.org

If I have no need for roles in my application, how should i configure acegi differently than is explained here: http://www.tfo-eservices.eu/wb_tutor...-1_1-html.html also is there any tutorials out there for setting up ...