I want to provide security one way or another for sending and getting JSON data, but I don't know how to do this.
Our system has user roles (system admin, general members, etc.).
We decided to send data as JSON using the Spring MVC URL pattern. I don't want everybody outside the system to use this URL; only users should be able to use the URL.
You want to implement security in your Spring web application. You can do this in two ways:
Try making another XML file such as applicationContext-security.xml. Here is an example:
<http use-expressions="true">
    <intercept-url pattern="/" access="permitAll"/>
    <intercept-url pattern="/static/**" filters="none" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <form-login />
    <logout />
</http>
Here we see that:
permitAll means permit everybody who wants to reach that URL.
filters="none" has the same effect, but it means that the user will not go through Spring Security (the previous one goes through Spring Security but has access; filtering isn't applied).
isAuthenticated() means that the user can reach that URL if authenticated. You can also apply role-based access to URLs.
The other security implementation is based on middle-tier security. You should add this line to your application context security file:
<global-method-security pre-post-annotations="enabled" />
so you can use method-based security like this:
@PreAuthorize("hasRole('ROLE_SUPERVISOR')")
void storeVisit(Visit visit) throws DataAccessException;
You can start by reading the Spring Security implementation of Spring's Pet Clinic example: http://static.springsource.org/spring-security/site/petclinic-tutorial.html
I also recommend reading this: http://www.mularien.com/blog/2008/07/07/5-minute-guide-to-spring-security/
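The method-based approach from the answer above, applied to JSON endpoints with the two roles the question mentions. This is an added example, not code from the original posts: the package, class name, URL paths and the role names ROLE_SYSTEM_ADMIN and ROLE_MEMBER are assumptions, and it assumes Jackson and <mvc:annotation-driven/> are in place so that @ResponseBody is serialized as JSON.

```java
package example; // hypothetical package name

import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

// Hypothetical controller: paths and role names are assumptions, not from the thread.
@Controller
@RequestMapping("/api")
public class MemberJsonController {

    // Readable by any authenticated user holding one of the two roles.
    @PreAuthorize("hasAnyRole('ROLE_MEMBER', 'ROLE_SYSTEM_ADMIN')")
    @RequestMapping(value = "/profile", method = RequestMethod.GET)
    @ResponseBody
    public Map<String, Object> profile(Principal principal) {
        Map<String, Object> body = new LinkedHashMap<String, Object>();
        // Identity is taken from the authenticated session, never from a
        // request parameter the caller could set to another user's name.
        body.put("username", principal.getName());
        return body;
    }

    // Restricted to system admins. A logged-in general member is rejected
    // with an access-denied error (HTTP 403) before the method body runs.
    @PreAuthorize("hasRole('ROLE_SYSTEM_ADMIN')")
    @RequestMapping(value = "/admin/stats", method = RequestMethod.GET)
    @ResponseBody
    public Map<String, Object> stats() {
        Map<String, Object> body = new LinkedHashMap<String, Object>();
        body.put("status", "ok"); // constructed sample payload
        return body;
    }
}
```

For @PreAuthorize to take effect on controller methods, the <global-method-security pre-post-annotations="enabled" /> element has to be declared in the same application context that creates the controller beans (usually the DispatcherServlet's context); if it sits only in the root context, the annotations on controllers are silently ignored. The URL rule pattern="/**" access="isAuthenticated()" from the answer still applies in front of these methods, so unauthenticated callers never reach them.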