English 中文(简体)
Should I implement a custom properties file based authorization tag to go with authz from Acegi Security?
原标题:

I m searching for the best way to handle view-level authorization (where you hide markup based on a user s roles).

The typical way to do this is with the Acegi Security authz tag, as follows:

<authz:authorize ifAnyGranted="ROLE_FOO, ROLE_BAR, ROLE_BLAH">
  <!-- protected content here -->
</authz:authorize>

The problem with that approach is that it quickly gets messy. For one, you either hard code the user roles as above or you create a constants file that duplicates them all. Second, there s no way with the current scheme to group roles logically. I suppose one solution is to define a separate role for each UI element, but then the declarative method level security on the business methods would need to be updated for each UI element (would that be a good thing?). This would also cause a proliferation of user roles! The use cases for my application actually mandate very few, e.g., Manager, Manager Supervisor, Super User (can do everything), Read Only, etc.

The solution that comes to mind is to treat the authorizable UI elements similar to message resources. That is, define a series of "authorization points" in a properties file similar to a MessageResources file. My initial thoughts are as follows:

com.lingoswap.home.editUserNameButton.ifAnyGranted=ROLE_FOO, ROLE_BAR, ROLE_BLAH
com.lingoswap.home.deleteAccountButton.ifNotGranted=ROLE_NOOB
com.lingoswap.home.deleteAccountButton.ifAnyGranted=ROLE_ADMIN
...

To protect content on the home page, we would then use a different protected tag (one that borrowed heavily from the original authz, possibly a sub class):

<security:protect component="com.lingoswap.home.editUserNameButton">
    <!-- edit user name button -->
</security:protect>

<security:protect component="com.lingoswap.deleteAccountButton">
   <!-- show the awesome delete account button that s not for nincompoops -->
</security:protect>

The advantages to this approach are the following:

  1. Easy to test - we can write unit tests that verify the user-role-to-ui-element mappings (of course, it still has to be used on JSPs)
  2. Error checking at runtime (and test time) - if a user role is misspelled in the .properties file, we can throw an Exception
  3. Easy to tweak user roles - the requirements team continually refines the user roles; it d be nice to change them all in one central location
  4. Easy to understand - we can at a glance view the user role permissions for the entire application
  5. Can be done DRYly (using property Spring placeholders to group related roles, e.g., ${readOnlyGroup} can be used in the properties file instead of the actual role names

The disadvantages seem to be:

  1. Moderate complexity
  2. Others??

Thanks for your advice.

Regards, LES2

最佳回答

I did somethig similar to the second approach. And because I wanted all my security definitions in one place I implemented my own objectDefinitionSource for the FilterSecurityInterceptor.

问题回答

暂无回答




相关问题
Signed executables under Linux

For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...

MALICIOUS_CODE EI_EXPOSE_REP Medium

I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User ...

XSS on jsbin.com

Anyone know if jsbin.com implements any protection for XSS or other javascript attacks? I see jsbin links used fairly regularly on sites like this one and I can t find any indication from the site ...

Make md5 strong

Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...

Why running a service as Local System is bad on windows?

I am trying to find out the difference between difference service account types. I tumbled upon this question. The answer was because it has powerful access to local resources, and Network Service ...

Brute-force/DoS prevention in PHP [closed]

I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...

热门标签