Access Spring Security annotations from Spring Security filter
up vote
0
down vote
favorite
I am using annotation @Secured("ROLE") on spring mvc controllers, what I want to do is access the value of annotation '@Secured("ROLE") on the controller being invoked based on the request url using filter, then set a parameter on request object request.setParameter(key, value) based on the supplied value of annotation which is 'ROLE' in this case.
I wanted to know how do I access this value of annotation and which spring security filter I should be extending to add a parameter to request object request.setParameter(key, value) and this request parameter should be accessible in controller as well
EDIT:
As the question was marked too broad, let me add more detail.
So I am currently migrating struts 1 action classes to spring mvc, and also adding spring security.
In older implementation, what is happening is when the user is authenticated we put a HashMap<String, AuthObj> in session object where key for this HashMap is the role/privilege and value AuthObj is a object which contains multiple props related to that particular 'Role' and that particular user which was authenticated.
Then there is a org.apache.struts.tiles.TilesRequestProcessor which is executed just before any struts action is invoked, what we are doing in this TilesRequestProcessor is we access the action class config org.apache.struts.config.ActionConfig to read the role/privilege required to invoke that particular action class and then put some properties in request/session object based on the 'role' required to invoke that action class, and the key of this property is same for every action class so that when we access this property in action class later, we don't have to use different key.
My question was how can this be achieved using spring mvc and spring security, important thing is when we put this obj in session/request object, the key should be same for every action class, otherwise i'll have to modify 100s of methods in older code which i am migrating from struts to spring.
java spring spring-mvc spring-boot spring-security
asked Nov 8 at 23:42
Hasnain Abidi
134
add a comment |
up vote
0
down vote
favorite
I am using annotation @Secured("ROLE") on spring mvc controllers, what I want to do is access the value of annotation '@Secured("ROLE") on the controller being invoked based on the request url using filter, then set a parameter on request object request.setParameter(key, value) based on the supplied value of annotation which is 'ROLE' in this case.
I wanted to know how do I access this value of annotation and which spring security filter I should be extending to add a parameter to request object request.setParameter(key, value) and this request parameter should be accessible in controller as well
EDIT:
As the question was marked too broad, let me add more detail.
So I am currently migrating struts 1 action classes to spring mvc, and also adding spring security.
In older implementation, what is happening is when the user is authenticated we put a HashMap<String, AuthObj> in session object where key for this HashMap is the role/privilege and value AuthObj is a object which contains multiple props related to that particular 'Role' and that particular user which was authenticated.
Then there is a org.apache.struts.tiles.TilesRequestProcessor which is executed just before any struts action is invoked, what we are doing in this TilesRequestProcessor is we access the action class config org.apache.struts.config.ActionConfig to read the role/privilege required to invoke that particular action class and then put some properties in request/session object based on the 'role' required to invoke that action class, and the key of this property is same for every action class so that when we access this property in action class later, we don't have to use different key.
My question was how can this be achieved using spring mvc and spring security, important thing is when we put this obj in session/request object, the key should be same for every action class, otherwise i'll have to modify 100s of methods in older code which i am migrating from struts to spring.
java spring spring-mvc spring-boot spring-security
asked Nov 8 at 23:42
Hasnain Abidi
134
2
While you have give a very specific technical requirement, can you explain your primary intent first. For example, by doing what you have explained, what are you intending to achieve finally? It might so turn out, that there exists a better and neater approach to achieving the same end goal.
– Arun Patra
Nov 9 at 6:29
@ArunPatra I've added more detail to the question.
– Hasnain Abidi
Nov 9 at 19:18
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am using annotation @Secured("ROLE") on spring mvc controllers, what I want to do is access the value of annotation '@Secured("ROLE") on the controller being invoked based on the request url using filter, then set a parameter on request object request.setParameter(key, value) based on the supplied value of annotation which is 'ROLE' in this case.
I wanted to know how do I access this value of annotation and which spring security filter I should be extending to add a parameter to request object request.setParameter(key, value) and this request parameter should be accessible in controller as well
EDIT:
As the question was marked too broad, let me add more detail.
So I am currently migrating struts 1 action classes to spring mvc, and also adding spring security.
In older implementation, what is happening is when the user is authenticated we put a HashMap<String, AuthObj> in session object where key for this HashMap is the role/privilege and value AuthObj is a object which contains multiple props related to that particular 'Role' and that particular user which was authenticated.
Then there is a org.apache.struts.tiles.TilesRequestProcessor which is executed just before any struts action is invoked, what we are doing in this TilesRequestProcessor is we access the action class config org.apache.struts.config.ActionConfig to read the role/privilege required to invoke that particular action class and then put some properties in request/session object based on the 'role' required to invoke that action class, and the key of this property is same for every action class so that when we access this property in action class later, we don't have to use different key.
My question was how can this be achieved using spring mvc and spring security, important thing is when we put this obj in session/request object, the key should be same for every action class, otherwise i'll have to modify 100s of methods in older code which i am migrating from struts to spring.
java spring spring-mvc spring-boot spring-security
asked Nov 8 at 23:42
Hasnain Abidi
134
I am using annotation @Secured("ROLE") on spring mvc controllers, what I want to do is access the value of annotation '@Secured("ROLE") on the controller being invoked based on the request url using filter, then set a parameter on request object request.setParameter(key, value) based on the supplied value of annotation which is 'ROLE' in this case.
I wanted to know how do I access this value of annotation and which spring security filter I should be extending to add a parameter to request object request.setParameter(key, value) and this request parameter should be accessible in controller as well
EDIT:
As the question was marked too broad, let me add more detail.
So I am currently migrating struts 1 action classes to spring mvc, and also adding spring security.
In older implementation, what is happening is when the user is authenticated we put a HashMap<String, AuthObj> in session object where key for this HashMap is the role/privilege and value AuthObj is a object which contains multiple props related to that particular 'Role' and that particular user which was authenticated.
Then there is a org.apache.struts.tiles.TilesRequestProcessor which is executed just before any struts action is invoked, what we are doing in this TilesRequestProcessor is we access the action class config org.apache.struts.config.ActionConfig to read the role/privilege required to invoke that particular action class and then put some properties in request/session object based on the 'role' required to invoke that action class, and the key of this property is same for every action class so that when we access this property in action class later, we don't have to use different key.
My question was how can this be achieved using spring mvc and spring security, important thing is when we put this obj in session/request object, the key should be same for every action class, otherwise i'll have to modify 100s of methods in older code which i am migrating from struts to spring.
java spring spring-mvc spring-boot spring-security
java spring spring-mvc spring-boot spring-security
asked Nov 8 at 23:42
Hasnain Abidi
134
asked Nov 8 at 23:42
Hasnain Abidi
134
edited Nov 9 at 19:18
asked Nov 8 at 23:42
Hasnain Abidi
134
asked Nov 8 at 23:42
Hasnain Abidi
134
asked Nov 8 at 23:42
Hasnain Abidi
134
134
2
While you have give a very specific technical requirement, can you explain your primary intent first. For example, by doing what you have explained, what are you intending to achieve finally? It might so turn out, that there exists a better and neater approach to achieving the same end goal.
– Arun Patra
Nov 9 at 6:29
@ArunPatra I've added more detail to the question.
– Hasnain Abidi
Nov 9 at 19:18
add a comment |
2
While you have give a very specific technical requirement, can you explain your primary intent first. For example, by doing what you have explained, what are you intending to achieve finally? It might so turn out, that there exists a better and neater approach to achieving the same end goal.
– Arun Patra
Nov 9 at 6:29
@ArunPatra I've added more detail to the question.
– Hasnain Abidi
Nov 9 at 19:18
2
2
While you have give a very specific technical requirement, can you explain your primary intent first. For example, by doing what you have explained, what are you intending to achieve finally? It might so turn out, that there exists a better and neater approach to achieving the same end goal.
– Arun Patra
Nov 9 at 6:29
While you have give a very specific technical requirement, can you explain your primary intent first. For example, by doing what you have explained, what are you intending to achieve finally? It might so turn out, that there exists a better and neater approach to achieving the same end goal.
– Arun Patra
Nov 9 at 6:29
@ArunPatra I've added more detail to the question.
– Hasnain Abidi
Nov 9 at 19:18
@ArunPatra I've added more detail to the question.
– Hasnain Abidi
Nov 9 at 19:18
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53217797%2faccess-spring-security-annotations-from-spring-security-filter%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
While you have give a very specific technical requirement, can you explain your primary intent first. For example, by doing what you have explained, what are you intending to achieve finally? It might so turn out, that there exists a better and neater approach to achieving the same end goal.
– Arun Patra
Nov 9 at 6:29
@ArunPatra I've added more detail to the question.
– Hasnain Abidi
Nov 9 at 19:18