reset password
Author Message
shahana
Posts: 11
Posted 16:49 May 30, 2009 |

From HW 7 description : "Only users who have signed in (i.e. users with ROLE_USER) can create blogs."

This is in addition to that logged in user should not already have a Blog...So user should be logged in and not have a blog to be able to create a new blog.

Thought will confirm

 

 

cysun
Posts: 2935
Posted 18:00 May 30, 2009 |

Yes.

liangxu
Posts: 15
Posted 18:39 May 30, 2009 |

We have particular requirements as follows,

  • Everyone (including anonymous user) can view the blogs.
  • Only users who have signed in (i.e. users with ROLE_USER) can create blogs.
  • Only users who have signed in (i.e. users with ROLE_USER) can leave comments.
  • Only the owner of a blog can create new entries for the blog.
  • A blog entry/comment can only be edited by its author or the administrators (i.e. users with ROLE_ADMIN).

The first 4 requirements have been already implemented in our previous homeworks.  Shall we just particularly work on

this last requirement?  Thanks.

 

cysun
Posts: 2935
Posted 18:47 May 30, 2009 |
liangxu wrote:

We have particular requirements as follows,

  • Everyone (including anonymous user) can view the blogs.
  • Only users who have signed in (i.e. users with ROLE_USER) can create blogs.
  • Only users who have signed in (i.e. users with ROLE_USER) can leave comments.
  • Only the owner of a blog can create new entries for the blog.
  • A blog entry/comment can only be edited by its author or the administrators (i.e. users with ROLE_ADMIN).

The first 4 requirements have been already implemented in our previous homeworks.  Shall we just particularly work on

this last requirement?  Thanks. 

You missed the most important requirement: Use the tools provided by Spring Security, e.g. URL security, access decision voters, security tag library and so on, to implement security for blogs. Unless that's what you did in previous homeworks, you must reimplement them in the proper way.