Friday, 15 February 2013

Java - Security util using SecurityContextHolder in Spring application




In my Spring application I have aspects for controller methods that do security checks. Because I need several of the checks more than once, I wrapped them in static helper methods of a "SecurityUtil" class:

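    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.context.SecurityContextHolder;

    public abstract class SecurityUtils {

        // Authentication bound to the current thread's security context
        public static Authentication getCurrentAuthentication() {
            return SecurityContextHolder.getContext().getAuthentication();
        }

        // Principal of the current authentication, cast to the application's user type
        public static ChroniosUser getAuthenticatedUser() {
            return (ChroniosUser) getCurrentAuthentication().getPrincipal();
        }

        // True if the authentication carries the authority for the given role
        public static boolean authenticationHasRole(Authentication authentication, Role role) {
            SimpleGrantedAuthority grantedAuthority = new SimpleGrantedAuthority(role.getRoleIdentifier());
            return authentication.getAuthorities().contains(grantedAuthority);
        }

        public static boolean authenticatedUserIsAdmin() {
            Authentication authentication = getCurrentAuthentication();
            return authenticationHasRole(authentication, ADMIN);
        }

        ...
    }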

Is this a valid approach? Or should I wrap these helper functions in a Spring service?

Thank you.

PS: I know I can use @PreAuthorize ... but my aspects are more complex.

The short answer:

Yes, it seems a valid approach.

The long answer:

It's up to you.

The Spring Security documentation states that its infrastructure is based exclusively on standard servlet filters and has no strong links to any particular web technology, including Spring MVC:

"Spring Security's web infrastructure is based exclusively on standard servlet filters. It doesn't use servlets or any other servlet-based frameworks (such as Spring MVC) internally, so it has no strong links to any particular web technology. It deals in HttpServletRequests and HttpServletResponses and doesn't care whether the requests come from a browser, a web service client, an HttpInvoker or an AJAX application."

[Spring Security Reference - 1. Security Filter Chain]

Its use is based exclusively on SecurityContextHolder. The examples provided go through static methods:

    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();

As you can see, it's not a Spring bean/service/component. SecurityContextHolder itself looks like a utility class.

Now you can create a Spring service to expose it, or you can use it through a classic util class, depending on what is more practical for you and your application.
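
The service variant the answer mentions, as an added example that is not part of the original question or answer: it wraps the same SecurityContextHolder calls in an injectable bean and fails closed (empty or false) when there is no authentication, an anonymous token, or a principal of another type. The class name CurrentUserService and its method names are assumptions.

```java
import java.util.Optional;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

// Added example: CurrentUserService and its method names are hypothetical.
@Service
public class CurrentUserService {

    /** Empty when nobody is logged in: no Authentication, not authenticated, or anonymous. */
    public Optional<Authentication> currentAuthentication() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return Optional.empty();
        }
        return Optional.of(auth);
    }

    /** Principal as the application's user type; empty instead of a ClassCastException. */
    public <T> Optional<T> currentUser(Class<T> userType) {
        return currentAuthentication()
                .map(Authentication::getPrincipal)
                .filter(userType::isInstance)
                .map(userType::cast);
    }

    /** Fails closed: false when there is no authenticated user. */
    public boolean hasRole(String roleIdentifier) {
        SimpleGrantedAuthority wanted = new SimpleGrantedAuthority(roleIdentifier);
        return currentAuthentication()
                .map(auth -> auth.getAuthorities().contains(wanted))
                .orElse(false);
    }
}
```

Because the bean is injected rather than called statically, an aspect that depends on it can be unit-tested with a stub instead of populating SecurityContextHolder for every test.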

java spring spring-mvc spring-security
