Wednesday, 15 June 2011

java - How to programmatically check if a certain url needs authentication? -



java - How to programmatically check if a certain url needs authentication? -

is there way, using spring security (v 3.1.x), programmatically authorization rules url?

i mean... suppose set:

<security:intercept-url pattern="/**" access="isauthenticated()" />

in configuration.

in controller handling /internal/** paths i'd know if need authentication access path. method this:

boolean isauthenticationrequired(string ulr);

could useful.

can info via securitycontextholder?

update searching around seems key securitymetadatasource...

if you're using schema-based configuration think (and ugly) way securitymetadatasource , rules:

@autowired private applicationcontext applicationcontext; public void somemethod(){ filtersecurityinterceptor fsi = applicationcontext.getbean(org.springframework.security.web.access.intercept.filtersecurityinterceptor.class); filterinvocationsecuritymetadatasource sms = fsi.getsecuritymetadatasource(); seek { field field = sms.getclass().getdeclaredfield("requestmap"); field.setaccessible(true); map<requestmatcher, collection<configattribute>> requestmap = (map<requestmatcher, collection<configattribute>>)field.get(sms); set<entry<requestmatcher, collection<configattribute>>> entryset = requestmap.entryset(); (entry<requestmatcher, collection<configattribute>> entry : entryset) { antpathrequestmatcher path = (antpathrequestmatcher)entry.getkey(); system.out.println(path.getpattern()); //prints sthg /action/index collection<configattribute> roles = entry.getvalue(); system.out.println(roles); //[role_user,role_admin] } } grab (exception e) { //todo e.printstacktrace(); } }

using can programme utility service check url.

the alternative cleaner in end more verbose: if you're not using schema-based configuration, can access more bean containing mapping (interceptedurls):

<bean id="fsi" class="org.springframework.security.web.access.intercept.filtersecurityinterceptor"> <property name="authenticationmanager" ref="authenticationmanager"/> <property name="accessdecisionmanager" ref="httprequestaccessdecisionmanager"/> <property name="securitymetadatasource" ref="interceptedurls"/> </bean> <sec:filter-invocation-definition-source id="interceptedurls"> <sec:intercept-url pattern="/action/login" access="role_anonymous"/> <sec:intercept-url pattern="/action/passwordreset" access="role_anonymous"/> <sec:intercept-url pattern="/action/index" access="role_admin"/> ...

hope helps!

java spring spring-mvc authentication spring-security

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)