Adding New Permission Types to Spring Security ACL

Domain object level security is probably least used feature of Spring Security compared to url based and method level security features for enterprise Java web applications. However, when you have a security requirement something like “I want to restrict some operations which is allowed for some roles based on criteria that can be obtained from […]

Allowing roles without defining them in intercept-url element

Spring Security Framework has lots of authentication and authorization features, and almost all of them can be customized and extended according to your own needs. One of the common requests I come up with is that developers don’t want to explicitly define roles which have administrative priviledges in intercept-url elements like below; <intercept-url pattern=”/secured/*” access=”ROLE_ADMINISTRATOR,ROLE_USER,ROLE_EDITOR”/> […]

If Your Eclipse Hangs…

Recently, my STS installation started to freeze during “initializing java/spring tooling” step. As a first attempt, I suspended all validations from window>preferences>validation, however it didn’t help much. Whenever you experience a hang or freeze in your Eclipse installation, it is always a good habit to look inside of .metadata/.log file in Eclipse workspace folder. Most […]