How do I set the role prefix to "" with a custom user details service in Spring? <beans:bean id="authService" class="com.cisco.badges.business.services.AuthenticationService"/> <authent...

There are three default security roles in CloudKit: World Authenticated Creator And three permissions: Create Read Write How do these security roles and permissions work? Here are example...

In Spring Security we use the intercept-url tag to define the access for URLs as below: <intercept-url pattern="/**" access="ROLE_ADMIN" /> <intercept-url pattern="/student" access="ROLE_...

After reading http://en.wikipedia.org/wiki/Role-based_access_control and seeing the way people are building authorization/access control, this question came to my mind "Why we are checking roles of...

I know Spring Security is good for standard role and permission based authorisation. What I'm not sure is this scenario: There are 10,000 employees managed in the system, employees organised into ...

I have mvc application and I'm working with poco objects and writing unit test. Problem is that all my test fail when they reach this line of code Roles.IsUserInRole("someUser", "role"). Should I i...

I run JavaEE 6 web application on Glassfish 3. I use JAAS with jdbcRealm and default principal to role mapping. In my database I have table for mapping usernames to their roles: username | role -...

I've been reading about AngularJS and it seems very promising, the only thing I'm trying to figure out, not specific for framework, but it's general for client-side template. Let's say you have a ...

A lot of articles online on role based access speak of applying something like this to ensure role based access to a controller or action [Authorize(Roles = "Admin, Manager")] public class SomeCon...

I am trying to make sure that all users have been assigned a particular role. Is there any view or SQL query for getting this information?

Is it possible to add the Roles but not hard-coding the values like: [Authorize(Roles="members, admin")] I would like to retrieve these roles from a database or configuration file where I wouldn...

We have a security module which, based on group/role membership, controls permissions to resources in ASP.Net. I've built a custom ASP.Net Role Provider that queries Active Directory for group memb...

I'm currently looking into the spring-security framework - great stuff so far, pretty impressed. However, I haven't found out where or how to define a inheritance of permissions. e.g. I want the R...

I'm starting to implement authorization and authentication mechanism using LDAP, for some existing system. On the development stage, I'm facing a difficult design decision: where should user roles ...

I have an ASP.Net website with multiple roles, each with access to a separate directory (i.e. admin users can access /admin, shoppers can access /shop etc), using a shared login page. If someone vi...

What is the difference between ROLE_USER and ROLE_ANONYMOUS in a Spring intercept url configuration such as the example below? <http auto-config="false" access-decision-manager-ref="accessDecis...

A precursor: I've worked now in two enviroments with conflicting principals on this. I am outlining the competing ideas and would like to know which is 'correct' given the scenario described. Scen...

I have medium sized MySQL database with a primary "persons" table which contains basic contact information about every human being connected to the theatre and theatre school for which I am respons...

The production change implementers for our IT group have been tasked with reviewing the security for all of the various objects in our group, primarily to make sure that people who have left our em...

I'm struggling to implement ACL in CakePHP. After reading the documentation in the cake manual as well as several other tutorials, blog posts etc, I found Aran Johnson's excellent tutorial which ha...