Newest Post

Exposing the boot classpath in OSGi

Spring Security customization (Part 2 - Adjusting secured session in real time)

Imagine you are in a secured session (you are logged on and authorized to access a particular resource), but your security infrastructure team has updated your rights and privileges. Perhaps you were given more rights and privileges, or perhaps your rights were completely revoked… The problem is that your secured session is registered in the session registry, and until you log off and log on again, the Principal that represents you in this secured session will not be recreated. And what if the situation is even more dramatic (after all, we are talking security here)… You are a disgruntled employee and your immediate management found out about your “wrongdoings”, but it takes your company 5 meetings and 10 approval forms to get something done, and until that happens you are free to cause even more harm?

Spring Security customization (Part 1 - Customizing UserDetails or extending GrantedAuthority)

This is the first part of what I hope will become a multipart series of small posts showing practical examples around Spring Security customization. The requirements for these customizations are not imaginary and all came from the field…

Assume you have the following requirement. You have a list of roles, where each role contains a list of business functions applicable to that role (see below):

ROLE_ADMIN
    BF_QUOTE_CREATE
    BF_POLICY_CREATE
    BF_POLICY_DELETE

ROLE_AGENT
    BF_QUOTE_CREATE
    BF_POLICY_CREATE