[BLOSSOM-193] Annotating controllers with @Secured Created: 29/Sep/14 Updated: 12/Dec/14 Resolved: 12/Dec/14 |
|
| Status: | Closed |
| Project: | Blossom |
| Component/s: | None |
| Affects Version/s: | 3.0.3 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Vasily Kartashov | Assignee: | Tobias Mattsson |
| Resolution: | Inactive | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
| Date of First Response: |
| Description |
|
Hello, I'm trying to integrate spring security with magnolia @Controller @Template(id = HomePageTemplate.ID, title = "Home Page", dialog = HomePageDialog.ID) public class HomePageTemplate { public static final String ID = "example:pages/home-page"; @Secured("superuser") @RequestMapping("/home-page") public String render(Model model) { model.addAttribute("name", "World"); return "home-page"; } } Is there a preferred way to make Spring Security to user Magnolia as backend. If not, do you think you could tell me what is required to do so? Best, |
| Comments |
| Comment by Tobias Mattsson [ 03/Oct/14 ] |
|
Should be doable by implementing a custom UserDetailsService that bridges into Magnolias security APIs and maps its model onto the Spring Security model. This won't be trivial to do though. Have you asked on the user list if someone have tried this before? I know that there have been integrations done but I'm haven't heard of this exact scenario. As an alternative you could just ask for the Magnolia user object and manually test it for the role. public String render(Model model, User user) { if (!user.hasRole("superuser")) ... |