Spring Security / SEC-1277

The authorization tag libraries are totally wrong!

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: 3.0.0.RC2
    • Component/s: Taglibs
    • Labels:
      None

      Description

      <security:authorize ifAllGranted="ROLE_SUPERVISOR">
        <td>
          <a href="del.htm?id=<c:out value="${contact.id}"/>">Del</a>
        </td>
      </security:authorize>

      I think it is more reasonable to protect a resource like this:
      <security:authorize ifAllAuthorised="del.htm">
        <td>
          <a href="del.htm?id=<c:out value="${contact.id}"/>">Del</a>
        </td>
      </security:authorize>

      Because the relationship between resources and roles may change in the future,
      even more, the role name may change.

          Activity

          Luke Taylor added a comment -

          Totally wrong, eh?

          First off, if you want to treat the attributes used in the security metadata as logical roles/permissions, then there is nothing to stop you doing so. You can just implement an appropriate mapping in your AuthenticationProvider or UserDetailsService. This is a common requirement.

          Secondly, please check the changelog before creating new issues. The functionality you are talking about was implemented in RC1 for SEC-525.
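
The mapping suggested in the comment above, as an added example (not code from this issue or from Spring Security itself): a `UserDetailsService` wrapper that expands stored role names into logical permission authorities, so pages check a permission rather than a role name. The class name, the map and the permission names are hypothetical; `SimpleGrantedAuthority` assumes Spring Security 3.1 or later (3.0 used `GrantedAuthorityImpl`).

```java
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/** Hypothetical wrapper: adds logical permissions derived from the user's stored roles. */
public class PermissionMappingUserDetailsService implements UserDetailsService {

    private final UserDetailsService delegate;
    // Role name -> permission names, e.g. "ROLE_SUPERVISOR" -> {"PERM_CONTACT_DELETE"}.
    // Assumed to be loaded from configuration, so it can change without touching any JSP.
    private final Map<String, Set<String>> permissionsByRole;

    public PermissionMappingUserDetailsService(UserDetailsService delegate,
                                               Map<String, Set<String>> permissionsByRole) {
        this.delegate = delegate;
        this.permissionsByRole = permissionsByRole;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserDetails user = delegate.loadUserByUsername(username);
        Set<GrantedAuthority> authorities = new LinkedHashSet<>();
        for (GrantedAuthority role : user.getAuthorities()) {
            authorities.add(role); // keep the stored role for existing checks
            // A role with no entry in the map contributes no permissions (deny by default).
            Set<String> perms = permissionsByRole.getOrDefault(
                    role.getAuthority(), Collections.emptySet());
            for (String perm : perms) {
                authorities.add(new SimpleGrantedAuthority(perm));
            }
        }
        // Copy the account status flags so locked or disabled accounts stay rejected.
        return new User(user.getUsername(), user.getPassword(), user.isEnabled(),
                user.isAccountNonExpired(), user.isCredentialsNonExpired(),
                user.isAccountNonLocked(), authorities);
    }
}
```

With this in place the tag can check `ifAllGranted="PERM_CONTACT_DELETE"` instead of `ROLE_SUPERVISOR`. The tag only controls whether the link is rendered, so `del.htm` still needs its own URL or method-level access rule.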


            People

            • Assignee:
              Luke Taylor
              Reporter:
              vincent lee
            • Votes:
              0
              Watchers:
              1

              Dates

              • Created:
                Updated:
                Resolved: