Showing posts with label roleVoter. Show all posts
Showing posts with label roleVoter. Show all posts

Wednesday, October 7, 2009

Spring Security, customizing the access role prefix

Another Spring Security hurdle: when your access specifiers do not start with ROLE_, you will need to customize the RoleVoter and tell it what 'rolePrefix' to use (or not to use in my case). 


<beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
        <beans:property name="decisionVoters">
            <beans:list>
              <beans:bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
                <beans:property name="rolePrefix" value="PREFIX_HERE" />
              </beans:bean>
              <beans:bean class="org.springframework.security.vote.AuthenticatedVoter"/>
            </beans:list>
        </beans:property>
    </beans:bean>


To use your custom accessDecisionManager, reference it in the http declaration, like so:

<http auto-config="true" ... access-decision-manager-ref="accessDecisionManager">
Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)