Rod Johnson, founder of the Spring Framework, leaves VMware/SpringSource

When Rod Johnson started the Spring Framework back in the early 2000s, he showed J2EE developers that there are better ways to build enterprise Java apps, and he provided the framework to help you do it. Anyone who experienced the pain of developing EJB 2.x beans during this time, with its clunky API and verbose deployment descriptors, and has since worked with the Spring Framework can attest to the huge benefits of developing apps using Spring’s much simpler, lightweight approach. Spring’s success has arguably been a significant influence on the ‘ease of use’ focus for the simplifications and improvements made in EE5 and EE6 in recent years.

Rod recently announced that he’s leaving VMware to pursue other interests – I wish him success in his future endeavors, and thank him for the impact he has made on enterprise Java development in the past 10+ years.

 

Enabling Spring Security Expression-based Access Control for methods in a Spring Roo app

Expression-based Access Control allows you to annotate specific methods with access rules. To enable it, add the following element to the webmvc-config.xml file of your Roo webapp. It must go in the context file for the web app, not in the security context file:

<security:global-method-security pre-post-annotations="enabled"/>

The explanation for why this needs to be in your webapp context is covered here.

Changing the default page in a Spring Roo app

To map a default Spring MVC view to a URL, for example to map the default URL, /, add this to your webmvc-config.xml file to define a static view, i.e. a view not using an explicit Controller:

<mvc:view-controller path="/" view-name="index"/>

You can change the view-name attribute to point to any other view if you need to have a default other than /views/index.jspx.

Note that using the web.xml welcome file only works for a real file, and doesn’t work to map to a Spring MVC view URL:

<welcome-file-list><welcome-file>/index</welcome-file></welcome-file-list>

 

Configuring Spring Security for finer grained url pattern matching with a Spring Roo app

By default, after you’ve added Spring Security to your Roo app with ‘security setup’, you get an example config in an applicationContext-security.xml file like this:

    <http auto-config="true" use-expressions="true">
        <form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t"/>
        <logout logout-url="/resources/j_spring_security_logout"/>

        <!-- Configure these elements to secure URIs in your application -->
        <intercept-url pattern="/choices/**" access="hasRole('ROLE_ADMIN')"/>
        <intercept-url pattern="/member/**" access="isAuthenticated()" />
        <intercept-url pattern="/resources/**" access="permitAll" />
        <intercept-url pattern="/**" access="permitAll" />
    </http>

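The default pattern matching approach is Ant style path matching. If you need to be more specific about which URLs a security rule applies to, you can switch to regex style pattern matching by adding this attribute to the <http> element. In regex mode every pattern in the element is treated as a regular expression, so the Ant style patterns above need rewriting too (for example /.* in place of /**):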

<http ... path-type="regex" ... >

Now, let’s say you need to have different roles for creating versus listing member records – Spring Roo uses a couple of GET parameters to distinguish between these actions, so using regex you can match on these like this:

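        <!-- In regex mode "?" is a quantifier, so escape it to match the literal query-string separator -->
        <intercept-url pattern="/member\?form" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/member\?page.*" access="hasRole('ROLE_USER')" />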
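
The matching behaviour described above, as an added example (not code from the original post or from Spring Security): it models regex path matching with java.util.regex, assuming that rules are tried in order, the first match wins, and a pattern must match the whole URL including the query string. The class name, the sample URLs and the /member.* fallback rule are constructed for illustration; the run shows why ? must be escaped in regex mode and why a query-string rule should be backed by a broader rule for the same path.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

/** Added example: evaluates intercept-url style rules in declaration order. */
public class RegexRuleCheck {

    /** Returns the access expression of the first rule whose pattern
     *  matches the entire URL, or null when no rule matches. */
    static String accessFor(Map<String, String> rules, String url) {
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            if (Pattern.compile(rule.getKey()).matcher(url).matches()) {
                return rule.getValue();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Unescaped "?" makes the preceding "r" optional instead of
        // matching the literal query-string separator.
        Map<String, String> unescaped = new LinkedHashMap<>();
        unescaped.put("/member?form", "hasRole('ROLE_ADMIN')");
        unescaped.put("/.*", "permitAll");

        // Escaped patterns, plus a fallback for any other /member request
        // (the fallback rule is an assumption, not part of the original config).
        Map<String, String> escaped = new LinkedHashMap<>();
        escaped.put("/member\\?form", "hasRole('ROLE_ADMIN')");
        escaped.put("/member\\?page.*", "hasRole('ROLE_USER')");
        escaped.put("/member.*", "isAuthenticated()");
        escaped.put("/.*", "permitAll");

        // Constructed sample URLs (servlet path plus query string).
        String[] urls = {
            "/member?form",
            "/member?page=1&size=10",
            "/member?size=10&page=1",   // same parameters, different order
            "/memberform"
        };
        for (String url : urls) {
            System.out.printf("%-26s unescaped=%-24s escaped=%s%n",
                    url, accessFor(unescaped, url), accessFor(escaped, url));
        }
    }
}
```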