Comments on: Spring Security – What happens after /you/ log in?

By: Jon

Jon — Wed, 28 Apr 2010 10:58:47 +0000

Redirecting back to the source URL comes out of the box with Spring Security 3 – see http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.html

By: Marcos Berwanger

Marcos Berwanger — Wed, 31 Mar 2010 04:13:35 +0000

How can I get the logged user object on the “doLogin” bean method?

Or exists another alternative for use rendered=”#{myBean.userGrantedAccess}

Thank’s

Marcos

By: Pamela

Pamela — Tue, 09 Mar 2010 23:22:35 +0000

Do you think it’s possible to utilize taglibs/tld file in order to create URL protection?

I’m currently using JSF 1.2 so I can utilize a tld file that would have security tag defined.

If you could give me a quick example, that’d really be fabulous.

Thanks~!

By: Lincoln

Lincoln — Fri, 05 Mar 2010 19:29:40 +0000

Unfortunately, there is no example, sorry. This was all taken out of:

http://ocpsoft.com/scrumshark/ , but you can download the sources for that and take a look.

http://code.google.com/p/ocpsoft-tools/

By: Pamela

Pamela — Fri, 05 Mar 2010 13:41:09 +0000

By Hello World, I meant your Basic Login example presented in this article and the previous one.

Sorry if I confused you in any way.

Thanks!

By: Pamela

Pamela — Thu, 04 Mar 2010 21:12:10 +0000

BTW where can I download your HelloWorld example?

By: Lincoln

Lincoln — Thu, 04 Mar 2010 17:07:35 +0000

No problem. You’d do something very similar. You’d want to create a JSF Action Method in a JSF Managed Bean – something like:

public class MyBean {
public boolean isUserGrantedAccess()
{…}
}

This method would check the logged in user’s preferences, permissions, the state of the system or whatever logic needed.

Then you would disable or render the link by referencing that action method in your Facelet view.

Notice the “is” should be omitted. See “JEE Unified Expression Language Syntax” for more details on that.

By: Pamela

Pamela — Thu, 04 Mar 2010 15:37:36 +0000

How about when I want to hide certain links/buttons for certain users? Would I go thru a similar process, or something different.

Sorry, I’m fairly new to this whole programming in Spring Security.

Thanks for your response, Lincoln.

By: Lincoln

Lincoln — Thu, 04 Mar 2010 15:29:40 +0000

I usually defer to the non-filter security mechanisms for such use-cases. PrettyFaces allows you to do just that with URL actions. In the action you would check the user’s credentials / business scenario and decide whether or not to continue to process and render, or redirect to a different page. There are other ways, but… this is one.

http://ocpsoft.com/prettyfaces/

By: Pamela

Pamela — Wed, 03 Mar 2010 22:27:45 +0000

Hi Lincoln,

Is there a way you can hide/protect URLs after a user logs in depending on user’s credentials or characteristics?

If you have an example, that’d be great.

Thanks