	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

03/27/2009 at 04:57PM PDT, ID: 24272974

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

8.3

Trying to figure out how to use Spring Security to filter URL

Asked by intlgd in Spring, Java Server Pages (JSP)

Tags: Spring, Struts2, JSP

Hello All,

I am in the middle of trying to implement Spring security for the first time. I have it authenticating and it gets to my main page. The trouble is that it isn't behaving the way I'd like. I have two users set up for testing, one with ('ROLE_BASIC') and one with ('ROLE_BASIC', 'ROLE_ADMIN', 'ROLE_SUPER'). I have confirmed that the users are being populated with those roles.

So my issue is that the user that only has 'ROLE_BASIC' can access /app/admin/mypage.action' even though I have the intercept-url below. Why is that happening?

security-config.xml

<http>
<intercept-url pattern='/dacsLogin.htm' filters='none'/>
<intercept-url pattern='/**' access='ROLE_BASIC' />
<intercept-url pattern='/admin/**' access='ROLE_ADMIN' />
<intercept-url pattern='/system/**' access='ROLE_SUPER' />
<form-login login-page='/dacsLogin.htm' default-target-url='/index.jsp' always-use-default-target='true' />
</http>

<authentication-provider user-service-ref='userDetailsService'/>

<beans:bean id="userDetailsService" class="com.cisco.btd.security.BtdUserDetailsService">
<beans:property name="userService" ref="userService"/>
</beans:bean>

I know for sure that the roles are being set because I have a section on one of my pages that has a security check in it:

<sec:authorize ifAllGranted="ROLE_SUPER">
//links to sys admin pages
</sec:authorize>

The above will not show for my user that only has 'ROLE_BASIC', but will for the one that has 'ROLE_SUPER'.

Any thoughts?

Jared

View the Solution FREE for 30 Days

Keywords: Trying to figure out how to use Spring …

	Title
1	How to work with spring security usin…
2	Using spring security to handle pre-a…

Loading Advertisement...

20090824-EE-VQP-74 - Hierarchy / EE_QW_3_20080625

1. dravidnsr82,525
2. objects80,550
3. mrjoltcola7,500
4. mahome6,750
5. a_b5,900
6. karanw5,700
7. boonleng4,500
8. crossdev4,375
9. jamoville4,100
10. MuraliKanth4,080
11. ksivananth4,000
12. jwenting3,678
13. CEHJ3,360
14. ozlevanon3,200
15. anilallewar2,800
16. Kuldeepc...2,150
17. spprivate2,050
18. rrz@87...2,000
18. snoyes_jw2,000
18. garycase2,000
18. mwvisa12,000
18. mrcoffee...2,000
18. cxr2,000
18. lord_hes...2,000
18. jocafi2,000
18. bmunge2,000

1. objects85,925
2. dravidnsr82,525
3. mrjoltcola7,500
4. mahome6,750
5. PrasathA...6,000
6. jamoville5,975
7. a_b5,900
8. karanw5,700
9. boonleng4,500
10. Venabili4,475
11. crossdev4,375
12. MuraliKanth4,080
13. ksivananth4,000
14. jwenting3,678
15. mwvisa13,500
16. CEHJ3,360
17. ozlevanon3,200
18. anilallewar2,800
19. rrz@87...2,500
19. darkapple2,500
21. Kuldeepc...2,150
22. spprivate2,050
23. snoyes_jw2,000
23. garycase2,000
23. mrcoffee...2,000
23. sweetfa22,000
23. cxr2,000
23. MrMarshall2,000
23. lord_hes...2,000
23. jocafi2,000
23. bmunge2,000

Trying to figure out how to use Spring Security to filter URL

Asked by intlgd in Spring, Java Server Pages (JSP)

Tags: Spring, Struts2, JSP

About this solution