security-roles

Is it possible to add the Roles but not hard-coding the values like: [Authorize(Roles="members, admin")] I would like to retrieve these roles from a database or configuration file where I wouldn't need to rebuild the application if I needed to add/remove Roles for a Controller Action. I know with the enums it can be done... http://www.vivienchevallier.com/Articles/create-a-custom-authorizeattribute-that-accepts-parameters-of-type-enum but even this is still not flexible enough for my needs; it's still somewhat of a hard-code, even though it is cleaner. You can create your custom authorization

The production change implementers for our IT group have been tasked with reviewing the security for all of the various objects in our group, primarily to make sure that people who have left our employ or have transferred to other groups no longer have access to our server shares, web directories, sql databases, etc etc. We recently completed the SQL portion and we have a re-usable script that can be run annually (or at whatever frequency we come up with). It worked great and we audited 20 databases across 10 or so servers withing a few minutes. Now, for the server stuff. I have an application

How do I set the role prefix to "" with a custom user details service in Spring? <beans:bean id="authService" class="com.cisco.badges.business.services.AuthenticationService"/> <authentication-manager> <authentication-provider user-service-ref="authService"> <password-encoder ref="passwordEncoder"> <salt-source ref="saltSource" /> </password-encoder> </authentication-provider> </authentication-manager> @Service("authService") public class AuthenticationService extends BaseService implements UserDetailsService, IAuthenticationService { @Autowired IUserRepository userRepository; @Autowired

I'm struggling to implement ACL in CakePHP. After reading the documentation in the cake manual as well as several other tutorials, blog posts etc, I found Aran Johnson's excellent tutorial which has helped fill in many of the gaps. His examples seem to conflict with others I've seen though in a few places - specifically in the ARO tree structure he uses. In his examples his user groups are set up as a cascading tree, with the most general user type being at the top of the tree, and its children branching off for each more restricted access type. Elsewhere I've usually seen each user type as a

In Spring Security we use the intercept-url tag to define the access for URLs as below: <intercept-url pattern="/**" access="ROLE_ADMIN" /> <intercept-url pattern="/student" access="ROLE_STUDENT" /> This is hard coded in applicationContext-security.xml . I want to read the access values from a database table instead. I have defined my own UserDetailsService and I read the roles for the logged in user from the database. How do I assign these roles to the URL patterns during runtime? The FilterInvocationSecurityMetadataSourceParser class in Spring-security (try Ctrl/Cmd+Shift+T in STS with the