Wednesday, October 7, 2009

Spring Security, customizing the access role prefix

Another Spring Security hurdle: when your access specifiers do not start with ROLE_, you will need to customize the RoleVoter and tell it what 'rolePrefix' to use (or not to use in my case). 


<beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
        <beans:property name="decisionVoters">
            <beans:list>
              <beans:bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
                <beans:property name="rolePrefix" value="PREFIX_HERE" />
              </beans:bean>
              <beans:bean class="org.springframework.security.vote.AuthenticatedVoter"/>
            </beans:list>
        </beans:property>
    </beans:bean>


To use your custom accessDecisionManager, reference it in the http declaration, like so:

<http auto-config="true" ... access-decision-manager-ref="accessDecisionManager">
Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)