- This topic has 6 replies, 2 voices, and was last updated 9 years, 5 months ago by
.
-
Posts
-
I’m on MyEclipse for Spring 2014. I’ve successfully done the CRUD and security tutorials. At this point the website seems the same if you log in using admin or guest.
I’ve attempted to add security to the menu.jsp by wrapping one of the include tags as follows –
<security:authorize ifAnyGranted=”ROLE_ADMIN”>
<jsp:include page=”/WEB-INF/pages/admin/menu.jsp” />
</security:authorize>This results in the include page not being shown no matter what login I use. What do I need to change in order to have this link show for admins and not for general users?
Here is the full menu.jsp –
<%@ taglib uri=”http://www.springframework.org/security/tags” prefix=”security” %>
<%@page language=”java” isELIgnored=”false” contentType=”text/html; charset=ISO-8859-1″ pageEncoding=”ISO-8859-1″%><jsp:directive.include file=”/WEB-INF/sitemesh-decorators/include.jsp”/>
<fmt:setBundle basename=”bundles.storelist-resources”/>
<div id=”contentarea”>
<div id=”lb”><div id=”rb”><div id=”bb”><div id=”blc”>
<div id=”brc”><div id=”tb”><div id=”tlc”><div id=”trc”>
<div id=”content”>
<h1>Main Dashboard</h1>
<p class=”line”> </p>
<jsp:include page=”/WEB-INF/pages/returnticket/menu.jsp” />
<jsp:include page=”/WEB-INF/pages/admin/menu.jsp” />
<security:authorize ifAnyGranted=”ROLE_ADMIN”>
<jsp:include page=”/WEB-INF/pages/admin/menu.jsp” />
</security:authorize><div class=”clear”> </div>
</div>
</div></div></div></div>
</div></div></div></div>
</div>dknutson,
After performing the spring CRUD scaffolding and spring security scaffolding with MyEclipse Derby database, add two authorities (ADMIN and GUEST) to the Authorities table. Finally in ‘CustomersApp-security-context.xml’ file modify the ‘intercept-url’ and ‘global-method-security’ values (please find the ‘CustomersApp-security-context.xml’ file in the attachment). After making the above changes, If you try to login with the user who has GUEST access, it gives you ‘HTTP Status 403 – Access is denied’. If you try to login with the user who has ADMIN access, it works fine without any issues.
Also please take a look at these threads which might help you in configuring the permissions :
http://javahash.com/spring-security-hello-world-example/
http://howtodoinjava.com/2013/04/16/login-form-based-spring-3-security-example/
http://codehustler.org/blog/spring-security-tutorial-form-login/
http://www.mkyong.com/spring-security/spring-security-hello-world-annotation-example/This is a development related query. I would suggest you to cross post on development forums (for ex: http://www.stackoverflow.com ) for better support on this query.
Let us know if you see any issues in MyEclipse.
That didn’t really answer my question at all. If I take the steps you indicate, then I end up with a site that only admins can use. All the links you specified also allow a single role to login. What I’m trying to understand is how to use your scaffolding with with many roles.
Let me try another way. The jsp snippet from my original question. Near as I can tell ,it is syntax correct. So – Why doesn’t work with myEclipse scaffolding?
dknutson,
As mentioned in my earlier response, this is purely a development related query and I suggest you to cross post on development forums for better support on this spring security development.
Let us know if you see any issues in MyEclipse.
dknutson,
<jsp:include page=”/WEB-INF/pages/returnticket/menu.jsp” />
<jsp:include page=”/WEB-INF/pages/admin/menu.jsp” />
<security:authorize ifAnyGranted=”ROLE_ADMIN”>
<jsp:include page=”/WEB-INF/pages/admin/menu.jsp” />
</security:authorize>Can you please remove the second line in the above code (<jsp:include page=”/WEB-INF/pages/admin/menu.jsp” />) in the JSP file and see if it works ?
I have checked it at my end and could see that link only when admin is logged in.
Hope this helps.
Duh! Made so many changes that I missed adding that link back in above the security tag. It’s now works for both logins.
Thanks!
