by Scott The Scot
on Stack Overflow
See other posts from Stack Overflow
or by Scott The Scot
Published on 2010-05-17T15:41:36Z Indexed on 2010/05/19 7:40 UTC
Read the original article Hit count: 161
At present the jsp pages have normal authorize tags to conditionally render links and information etc. The website is on the intranet, and we're using Spring Security 2.0.4.
Ive now got a business user who wants to allow all roles to access everything for the first few weeks, then gradually add the security back in as feedback is gathered from the business.
Rather than go through every page, removing the authorize tags, only to have to put them back in, is is possible to configure these through an aspect, or is there any other way to externalize this into a config file ? I've found Spring's MethodSecurityInterceptor and the meta data tags, but these wouldn't give me the externalization.
I've been on google for the last hour, and am now pretty sure this can't be done, but would love to find out I haven't been asking the right questions.
© Stack Overflow or respective owner