Is there a way to define roles in a properties file for the Spring Security plugin rather than hard-coding them?


I'm using the LDAP plugin along with the Spring Security plugin. The LDAP plugin fetches the groups that the logged-in user belongs to. My application has two roles, admin and normal. Instead of hardcoding roles, I'd like to make them configurable via a properties file, such that instead of writing

@Secured(["ROLE_ADMINS"])

I could write something like

@Secured(["role.admins"])

where role.admins=ROLE_ADMINS in a config file.

This way I can take the same WAR file and deploy it at multiple clients, where each of them has its own standardized way of configuring group names in ActiveDirectory.


There is 1 best solution below


You could get that working, but I think there's a better option. The annotation is a bit rigid currently and only supports roles that start with ROLE_, the 3 special tokens IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED or IS_AUTHENTICATED_ANONYMOUSLY, and SpEL expressions. But you can call Spring beans from SpEL expressions, so you should consider calling a method in a service and doing the work there; the syntax would use the @ symbol:

@Secured('@myService.doTheAdminChecks()')

and that implementation can be as complicated as it needs to be and could read information from Config.groovy and/or property files, but the annotated code won't get cluttered with security concerns.

Another option is to use a closure in the annotation; this is a new feature and is described in the @Secured part of the What's New section.
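
A sketch of the service the answer describes, added here as an example and not taken from the answer or from the plugin. It assumes a Grails service named MyService (so the bean is myService), the role.admins key from the question, and a hypothetical helper hasConfiguredRole; the role check uses plain Spring Security classes.

```groovy
// grails-app/services/MyService.groovy (added example; names are assumptions)
import org.springframework.security.core.Authentication
import org.springframework.security.core.context.SecurityContextHolder

class MyService {

    static transactional = false

    // Injected by Grails; exposes Config.groovy plus any merged property files
    def grailsApplication

    /** Called from @Secured('@myService.doTheAdminChecks()'); must return a boolean. */
    boolean doTheAdminChecks() {
        hasConfiguredRole('admins')
    }

    /**
     * Hypothetical helper: resolves role.<key> from configuration
     * (for example role.admins=ROLE_ADMINS) and compares it with the
     * current user's granted authorities.
     */
    boolean hasConfiguredRole(String key) {
        def configured = grailsApplication.config.role."$key"

        // An unset key comes back as an empty ConfigObject, not null.
        // Fail closed: a missing or blank mapping grants nobody access.
        if (!(configured instanceof CharSequence) || !configured.toString().trim()) {
            log.error("role.${key} is not configured; denying access")
            return false
        }

        Authentication auth = SecurityContextHolder.context?.authentication
        if (!auth?.authenticated) {
            return false
        }

        // Exact match against the authorities the LDAP login produced
        String required = configured.toString().trim()
        auth.authorities.any { it.authority == required }
    }
}
```

Each deployment then sets its own role.admins value in configuration while the annotated controllers stay identical across clients. A deployment that forgets the key locks the admin actions instead of opening them.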