Let's imagine that we have some application with authentication and users separated by their authorities.
There are also a set of allowed pages for every such authority.
E.g. we have these roles: anonymous, user and administrator. Anonymous is an unauthorized user who can see only the home page, a user can see the home page and some other read-only pages, and an administrator can see all pages.
But how can we implement such logic so that everybody can access only the allowed pages?
Let's create an @Allow annotation that defines the user authorities required to access a page.
So our pages will look like this one:
Now the only thing we need is to throw a security exception when a user tries to access a page that is not allowed for them. In the simplest form it can look like this:
But we have such a nice T5 feature as component class transformers. It will look cleaner with it.
We just add the needed annotations to our pages and the rest of the work is done for us. Looks like magic, doesn't it? :)
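The plain check described above, as an added example rather than the post's own code: the @Allow annotation from the post, the three roles as an enum, and a reflective check that throws when the current user holds none of the authorities listed on the page. Authority, AccessDeniedException, checkAccess and the sample page classes are assumed names; the Tapestry wiring (transform worker or request filter) is not shown.

```java
import java.lang.annotation.*;
import java.util.*;

// Roles from the post; the enum name is an assumption.
enum Authority { ANONYMOUS, USER, ADMINISTRATOR }

// @Allow lists the authorities that may open the annotated page.
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.TYPE)
@interface Allow { Authority[] value(); }

// Thrown when the current user holds none of the listed authorities (assumed name).
class AccessDeniedException extends RuntimeException {
    AccessDeniedException(String msg) { super(msg); }
}

// Sample pages, constructed for this example.
@Allow({Authority.ANONYMOUS, Authority.USER, Authority.ADMINISTRATOR}) class Index {}
@Allow({Authority.USER, Authority.ADMINISTRATOR}) class Reports {}
@Allow(Authority.ADMINISTRATOR) class Admin {}
class Scratch {}  // a page someone forgot to annotate

public class SecurityCheck {
    // The check: a page without @Allow is closed (fail closed), so a forgotten
    // annotation can never expose a page by accident.
    static void checkAccess(Class<?> page, Set<Authority> granted) {
        Allow allow = page.getAnnotation(Allow.class);
        if (allow == null) {
            throw new AccessDeniedException(page.getSimpleName() + ": no @Allow, denied by default");
        }
        for (Authority a : allow.value()) {
            if (granted.contains(a)) return;  // any one listed authority is enough
        }
        throw new AccessDeniedException(page.getSimpleName() + " requires one of "
                + Arrays.toString(allow.value()) + ", user has " + granted);
    }

    public static void main(String[] args) {
        Set<Authority> user = EnumSet.of(Authority.USER);
        checkAccess(Index.class, user);    // allowed
        checkAccess(Reports.class, user);  // allowed
        for (Class<?> page : new Class<?>[] {Admin.class, Scratch.class}) {
            try {
                checkAccess(page, user);
            } catch (AccessDeniedException e) {
                System.out.println("denied: " + e.getMessage());
            }
        }
    }
}
```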
So, the annotation worker:
And configuration:
In addition, you will need to handle the security exception yourself. All needed information about this you can find here.
Of course, this example is very simple, and a real application will need more complex security rules.
But all such complex rules can be placed in a dedicated security service that is then accessed from SecurityAnnotationWorker.
I've implemented this pattern a number of times; I usually do it as a ComponentRequestFilter contributed to the ComponentRequestHandler service. The class transformation approach can be somewhat tricky ... I actually think you've mixed and matched two different approaches in your blog post here.
Good idea. Thanks a lot, will try it next Monday. And what do you mean when you said two different approaches? I see only one, page security via class transformation. Or have I missed something?