Get Spring Security intercept urls from database or properties

Question

Hopefully this is super simple, exists, and I\'m overlooking something right under my nose. I know that I can restrict access via annotations:

@Secured({\"R         


        

Answer 1

do you want to use something like this in you spring xml?

<!-- Settings -->
<b:bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <b:property name="locations">
        <b:value>/WEB-INF/config.properties</b:value>
    </b:property>
</b:bean>

and then als in your Spring XML:

<http entry-point-ref="authenticationProcessingFilterEntryPoint">
        <intercept-url pattern='/custom/**' access="${roles.admin}"/>
</http>

Answer 2

It's been a while, but you can create a Voter object which helps decide whether to allow access to a URL. The Voter object can load data from the database, or a file, or just randomly return Allow, Deny, or Abstain.