java - Spring MVC controller inheritance with spring security -


i'm trying create generic controller using spring mvc 3.2.3 , spring security 3.1.3. i'm trying achieve this:

public abstract class datacontroller<e extends persistententity> { protected abstract e getentity(string id);  @requestmapping(value="/view/{id}", method=requestmethod.get) public string view(@pathvariable("id") string id, modelmap map) {       e ent = getentity(id);       map.put("entity", entity);       return "showentity";     } }

my extended class have specific controller mapping in class name can access url using controller name:

@controller @requestmapping("/company**") @secured("role_admin") public class companiescontroller extends datacontroller<company> {     @autowired     private appservice appservice;      @override     protected company getentity(string id) {         return appservice.getcompany(id);     } }

my problem url /company/view not secured role_admin , can accessed anyone, (i think) because /view not defined in controller @secured being used.

this can fixed overriding view method , define mapping in company class:

    . . .      @override     @requestmapping(value = "/view/{id}", method = requestmethod.get)     public string view(string id, modelmap map) {         return super.view(id, map);     }      . . .

in case security works correctly, want know if there method. since have lot of methods in abstract class, create problem , mess override methods call super.

is there way fix issue?

thanks :)

i know it's year later, had same problem , figured out possible solution this. not 100% annotation based, works , elegant

the abstract superclass: 

@preauthorize("hasanyrole(this.roles)") public abstract class datacontroller<e extends persistententity>  {     protected abstract e getentity(string id);      protected abstract string[] getroles();      @requestmapping(value="/view/{id}", method=requestmethod.get)     public string view(@pathvariable("id") string id, modelmap map) {        e ent = getentity(id);        map.put("entity", entity);        return "showentity";     }  }

on subclass implement getroles() return array of roles required access class.

@preauthorize way check authentication, allows use spel expression. this.roles refers getroles() property on annotated object.


Comments

Post a Comment

Popular posts from this blog

php - Calling a template part from a post -

i include iframe within post in wordpress. located inside content of post, meaning cannot in post template file, otherwise either before or after. i'd add facebook plugin within posts: <div id="socialwrap"><div class="fb-like" data-href="http://onlinearizonahomes.info" data-send="true" data-width="450" data-show-faces="true" data-font="arial"></div></div> i thinking of calling template part within post <?php get_template_part( 'social' ); ?> cannot use php within post without plugin (i'd avoid using plugin this). an alternative using javascript create html in post, seems unnecessary use of javascript. what best way add html within wordpress post? you can use shortcode. add functions.php function cudjex_fbshare( $atts, $content = null ) { global $post; $link = get_permalink($post->id); return '<div id="socialwrap...
Read more

Firefox SVG shape not printing when it has stroke -

Image
i having issue svg shapes have stroke , trying them print in firefox. this simplest example: <svg xmlns="http://www.w3.org/2000/svg" version="1.1" xmlns:xlink="http://www.w3.org/1999/xlink"> <rect x="0" y="0" rx="15" ry="15" width="300" height="400" style="stroke:black;stroke-width:5;" fill="black" /> <circle id="firstcircle" cx="50" cy="50" r="30" stroke="black" stroke-width="2" fill="white" style="opacity:0.75;"/> <circle id="secondcircle" cx="50" cy="150" r="30" fill="white" style="opacity:0.75;"/> </svg> when try , print first shape 1 of 2 things: it not show @ all it shows off center in bounding box. the second shape no stroke shows expected, expected. when displaying on scre...
Read more

How to mention the localhost in android -

i trying call localhost in android application. unfortunately not possible used several methods emulator local host http://10.0.2.2/android/dbconnection.php and network ip address http://192.168.1.xx/android/dbconnection.php also http://localhost:8080/android/dbconnection.php but nothing connected localhost. purpose refer stackoverflow answers not working i facing same problem when worked on localhost. referred stackoverflow answer got solution create new emulator works fine in new emulator.
Read more