java - Spring Security url authorization for url falls under secured url ie. intercepted url /admin, how to secure urls under it ie.admin/newEmployee -


i developing application spring , hibernate. there 2 roles in system admin , user. admin can create,update,delete user of system. user can view profile , others profile only.

work i've done regarding security:

i have mapped /admin url intercept url , /user url well.

problem i'm facing:

i have put urls under admin url like/admin/newemployee,admin/editemployee i'm not able secure urls...

please find me way out.

spring-security.xml

<?xml version="1.0" encoding="utf-8"?> <beans xmlns="http://www.springframework.org/schema/beans"        xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"        xmlns:security="http://www.springframework.org/schema/security"        xmlns:p="http://www.springframework.org/schema/p"         xsi:schemalocation="http://www.springframework.org/schema/beans                            http://www.springframework.org/schema/beans/spring-beans.xsd                            http://www.springframework.org/schema/security                            http://www.springframework.org/schema/security/spring-security-3.2.xsd">    <security:http auto-config="true">    <security:intercept-url pattern="/admin*" access="role_admin" />       <security:logout logout-success-url="/index" />    <security:intercept-url pattern="/user*" access="role_user" />       <security:logout logout-success-url="/index" /> </security:http>       <security:authentication-manager>       <security:authentication-provider>         <security:user-service>             <security:user name="user" password="user" authorities="role_user" />                     <security:user name="admin" password="admin" authorities="role_admin" />         </security:user-service>       </security:authentication-provider>     </security:authentication-manager>  </beans> 

employeecontroller.java

@controller public class employeecontroller {      private static final logger logger = logger         .getlogger(employeecontroller.class);      public employeecontroller() {         system.out.println("employeecontroller()");     }      @autowired     private employeeservice employeeservice;      //mappings login     @requestmapping(value="/user", method = requestmethod.get)     public string executesecurity( modelandview model ) {          model.addobject("author", "");         model.addobject("message", "user!!!");         return "welcome";     }      @requestmapping(value="/admin", method = requestmethod.get)     public string executesssecurity( modelandview model  ) {          model.addobject("author", "");         model.addobject("message", "admin!!!");         return "welcome";      }      @requestmapping(value="/login", method = requestmethod.get)     public string login(modelmap model) {          return "login";      }      @requestmapping(value="/fail2login", method = requestmethod.get)     public string loginerror(modelmap model) {          model.addattribute("error", "true");         return "login";      }      @requestmapping(value="/logout", method = requestmethod.get)     public string logout(modelmap model) {          return "login";      }      //mappings related employee data      //employee directory mappings      //employee creation mappings      @requestmapping(value = "admin/newemployee", method = requestmethod.get)     public modelandview newcontact(modelandview model) {         employee employee = new employee();         model.addobject("employee", employee);         model.setviewname("createuser");         return model;     }      //save employee  mappings     @requestmapping(value = "admin/saveemployee", method = requestmethod.post)     public modelandview saveemployee(@modelattribute employee employee) {         if (employee.getempid() == 0) { // if employee id 0 creating         // employee other updating employee             employeeservice.addemployee(employee);         } else {             employeeservice.updateemployee(employee);         }         return new modelandview("redirect:/listempoyee");     }      //delete employee  mappings     @requestmapping(value = "admin/deleteemployee", method = requestmethod.get)     public modelandview deleteemployee(httpservletrequest request) {         int employeeid = integer.parseint(request.getparameter("id"));         employeeservice.deleteemployee(employeeid);         return new modelandview("redirect:/listemployee");     }      //edit employee  mappings     @requestmapping(value = "admin/editemployee", method = requestmethod.get)     public modelandview editcontact(httpservletrequest request) {         int employeeid = integer.parseint(request.getparameter("id"));         employee employee = employeeservice.getemployee(employeeid);         modelandview model = new modelandview("createuser");         model.addobject("employee", employee);          return model;     }      // employee profile  mappings     @requestmapping(value = {"/admin/profile", "/user/profile"}, method = requestmethod.get)     public modelandview getemployee(httpservletrequest request, modelandview model) {          int employeeid = integer.parseint(request.getparameter("id"));         employee employee = employeeservice.getemployee(employeeid);          model.addobject("employee", employee);          string url =(request.getrequesturl().tostring()) ;         int s= url.indexof("/iconnect");         string str = url.substring(s);         if(str.equals("/iconnect/admin/profile"))             model.setviewname("profile");         else             model.setviewname("profile");          return model;     }  } 


Comments

Popular posts from this blog

ZeroMQ on Windows, with Qt Creator -

unity3d - Unity SceneManager.LoadScene quits application -

python - Error while using APScheduler: 'NoneType' object has no attribute 'now' -