Showing posts from August, 2012

Creating Spring Boot MVC application with AWS DynamoDB in 10 mins

AWS DynamoDB is a serverless NoSQL database. You can learn how to build a Spring Boot Java web MVC application (Game Leaderboard) that reads from AWS DynamoDB in 10 mins.
Source of the demo code:
Command to run the project: mvn spring-boot:run
Video explaining the table design:
Prerequisite: Install the AWS CLI:
Video explaining how to create the table:

Writing your spring security expression language annotation - PART 3

In the last part of the tutorial, I will discuss how to override the behaviour of the default Spring Security method expressions. You may wonder why I need to override the default behaviour of these methods. The reason is that, in a recent development project, we are reviewing the developers' code and we hope to maintain a standard coding practice. We find that the default method expressions are too flexible. In our case, under similar coding scenarios, some developers use hasRole() for security checking while other developers use hasPermission() for security checking. In order to keep the program maintainable, we thus have the idea of disallowing developers from using certain security method expressions. That's why we have the crazy idea of overriding the default behaviour of these methods. (This may not be a good idea :P. But anyway, we have implemented it :D) In this example, I simply show how to override the default behaviour of the hasRole() method. You can not do this by override

Writing your spring security expression language annotation - PART 2

We are now going into the second part of the tutorial. In this post, I will show you how to add a new custom expression for the @PreAuthorize annotation. For example, I will show how to add an adminOnly() expression to the security expression root.

Step 1: Define your custom security expression root class

You have to first create a new security expression root class. This class should be extended from the abstract class You can add your custom This class is similar to but with your new custom method added. As an example, I just add a very simple method adminOnly() which checks if the user has the admin role.

public class MyMethodSecurityExpressionRoot extends SecurityExpressionRoot {
    private static Logger logger = LoggerFactory.getLogger(MyMethodSecurityExpressionRoot.class);
    private Object filterObject;
    priva

Writing your spring security expression language annotation - PART 1

Spring Security expression language is very useful. It helps to secure your service/web methods with one line of code. It supports @PreAuthorize and @Secured. In the coming three posts, I will talk about how to add custom behaviour to the @PreAuthorize annotation.

Part 1 - Customize the "hasPermission()" expression
Part 2 - Add a new custom method security expression
Part 3 - Override the default behaviour of Spring Security expressions (e.g. hasRole(), permitAll() ...)

In this post, I will discuss how to add a custom rule for permission checking in your application. This is somewhat similar to what is described in Sold Craft's post. You can reference it for more details.

Step 1: Add configuration in your Spring Security XML file.

You should first add the DefaultMethodSecurityExpressionHandler. It will instantiate a default MethodSecurityExpressionRoot which provides you with all the default security expressions (e.g. isAuthenticated(), isAnonymous(), etc.). Besides, you ha