Cetin Imre - 1 year ago
JSON Question

Security in Spring MVC and JSON

I want to provide security one way or another for sending and getting JSON data, but I don't know how to do this.

Our System has roles of users (System admin, General Members, etc.)

We decided to send data as JSON using the Spring MVC URL pattern. I don't want everybody outside the system to use this URL; only users can use the URL.



On each request to the different URLs, should I check whether the username and password were registered before? Or what should I do for security?

Answer Source

You want to implement security in your Spring web application. You can do this in two ways:

  • URL-based security
  • Method-based security

Try making another XML file, such as applicationContext-security.xml. Here is an example:

<http use-expressions="true">
    <intercept-url pattern="/" access="permitAll"/>
    <intercept-url pattern="/static/**" filters="none" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <form-login />
    <logout />
</http>

Here we see that permitAll means permit everybody who wants to reach that URL. filters="none" has the same effect, but it means that the user will not go through Spring Security (the previous one goes through Spring Security but has access; filtering isn't applied). isAuthenticated means that the user can reach there if authenticated. You can also apply role-based access to URLs.

The other security implementation is based on middle-tier security. You should add this line to your application context security file:

<global-method-security pre-post-annotations="enabled" />

so you can use method-based security like this:

@PreAuthorize("hasRole('ROLE_USER')") // role name is an assumed example
void storeVisit(Visit visit) throws DataAccessException;

You can start by reading the Spring Security implementation of Spring's Pet Clinic example: http://static.springsource.org/spring-security/site/petclinic-tutorial.html

Also I recommend you read here: http://www.mularien.com/blog/2008/07/07/5-minute-guide-to-spring-security/
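
An added example, not part of the original answer: it applies the method-based approach to the JSON case in the question, with the role check on a middle-tier service and a Spring MVC controller that returns the result as JSON. The class names, the /api/members path, the role names ROLE_ADMIN and ROLE_MEMBER, and the sample data are assumptions; it also assumes `<mvc:annotation-driven/>` with Jackson on the classpath for JSON output.

```java
import java.security.Principal;
import java.util.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.*;

// Hypothetical middle-tier service; the role names are assumed for illustration.
@Service
class MemberService {
    // Constructed sample data standing in for a real repository.
    private final Map<String, String> emails = new HashMap<String, String>();

    MemberService() {
        emails.put("alice", "alice@example.org");
        emails.put("bob", "bob@example.org");
    }

    // Only system admins may list every member.
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public Map<String, String> findAll() {
        return Collections.unmodifiableMap(emails);
    }

    // Any logged-in member or admin may look up a record.
    @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_MEMBER')")
    public String findEmail(String username) {
        return emails.get(username);
    }
}

@Controller
@RequestMapping("/api/members")
class MemberController {
    @Autowired
    private MemberService members;

    // A caller without ROLE_ADMIN gets HTTP 403 from Spring Security.
    @RequestMapping(method = RequestMethod.GET)
    @ResponseBody
    public Map<String, String> all() {
        return members.findAll();
    }

    // The username comes from the authenticated session, never from the request.
    @RequestMapping(value = "/me", method = RequestMethod.GET)
    @ResponseBody
    public Map<String, String> me(Principal principal) {
        return Collections.singletonMap("email", members.findEmail(principal.getName()));
    }
}
```

The annotations sit on the service rather than the controller because `<global-method-security>` only affects beans in the application context where it is declared, and controllers usually live in the separate DispatcherServlet context.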