[BLOSSOM-193] Annotating controllers with @Secured Created: 29/Sep/14  Updated: 12/Dec/14  Resolved: 12/Dec/14

Status: Closed
Project: Blossom
Component/s: None
Affects Version/s: 3.0.3
Fix Version/s: None

Type: Bug Priority: Neutral
Reporter: Vasily Kartashov Assignee: Tobias Mattsson
Resolution: Inactive Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

Hello,

I'm trying to integrate spring security with magnolia

@Controller
@Template(id = HomePageTemplate.ID, title = "Home Page", dialog = HomePageDialog.ID)
public class HomePageTemplate {

    public static final String ID = "example:pages/home-page";

    @Secured("superuser")
    @RequestMapping("/home-page")
    public String render(Model model) {
        model.addAttribute("name", "World");
        return "home-page";
    }
}

Is there a preferred way to make Spring Security to user Magnolia as backend. If not, do you think you could tell me what is required to do so?

Best,
Vasily



 Comments   
Comment by Tobias Mattsson [ 03/Oct/14 ]

Should be doable by implementing a custom UserDetailsService that bridges into Magnolias security APIs and maps its model onto the Spring Security model. This won't be trivial to do though. Have you asked on the user list if someone have tried this before? I know that there have been integrations done but I'm haven't heard of this exact scenario.

As an alternative you could just ask for the Magnolia user object and manually test it for the role.

public String render(Model model, User user) {
    if (!user.hasRole("superuser")) ...
Generated at Sun Feb 11 23:31:04 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.