reset password
raylongma1018
Posts: 81
Posted 13:21 Aug 16, 2015 |

From the homework description, you said we need to write the security measures in the hw5.txt file.

Is this part more like a readme.txt file? Do we need to show the code and then explain how each piece of code works, and show you what we implemented in applicationcontext and how authentication and authorization work depending on what type of user logs in to the system (member, admin, reviewer..)?

Or do we just simply explain how authorization works on each HTML page without providing the code?

For the extra credit, in order to earn 30 pts, what do you expect from us? If we provide sufficient links for users to browse every page, will that be enough to earn full credit (30pt)?

cysun
Posts: 2935
Posted 13:50 Aug 16, 2015 |

For hw5.txt, using code snippets is probably the best way. For example, suppose I need to explain what I did for the security measures listed on Slide #31 in the Declarative Security (II) lecture, my hw5.txt would look like this:

  • Users must log in to access user management functions

All user management functions are mapped to the URL pattern /user/**, so this one is implemented using URL security: <intercept-url pattern="/user/**" access="authenticated" />

  • A user can only view/edit their own account.

Use @PostAuthorize on UserDao.getUser() to control who can view a User:

@PostAuthorize ("principal.username == returnObject.username")
public User getUser( Integer id )

Use @PreAuthorize on UserDao.saveUser() to control who can edit a User:

@PreAuthorize ("principal.username == #user.username")
public User saveUser( User user )

... ...

You don't need to explain a lot as we can tell from the code how it works.
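
The snippets in the post above only take effect when the Spring Security configuration enables both URL security and annotation-based method security. The following is an added example, not part of the original post or the course's own applicationContext; it assumes Spring Security 3.x/4.x XML namespace configuration, and the catch-all rule and the userDetailsService bean name are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- URL security. use-expressions="true" makes each access attribute a
         SpEL expression, which is what "authenticated" and "permitAll" are. -->
    <security:http auto-config="true" use-expressions="true">
        <!-- Rules are matched top to bottom and the first match wins, so the
             specific /user/** rule must come before any catch-all. -->
        <security:intercept-url pattern="/user/**" access="authenticated" />
        <!-- Assumption: the rest of the site is public. -->
        <security:intercept-url pattern="/**" access="permitAll" />
    </security:http>

    <!-- Method security. Without this element @PreAuthorize and
         @PostAuthorize on UserDao are silently ignored. It must be declared
         in the same application context that defines the UserDao bean. -->
    <security:global-method-security pre-post-annotations="enabled" />

    <!-- Assumption: a UserDetailsService bean named userDetailsService is
         defined elsewhere; principal.username in the expressions comes from
         the UserDetails object it returns. -->
    <security:authentication-manager>
        <security:authentication-provider user-service-ref="userDetailsService" />
    </security:authentication-manager>
</beans>
```

Because @PostAuthorize is evaluated after the method body has run, it suits read methods such as getUser(); for methods that change data, the check belongs in @PreAuthorize, as in the saveUser() snippet.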


cysun
Posts: 2935
Posted 13:55 Aug 16, 2015 |

To get full 30pt extra credit the UI must be near professional quality. Even to get some extra credit, the UI needs to be well designed functionally and somewhat aesthetically pleasing. For most students I wouldn't recommend spending too much time on UI as the extra credit you get is probably going to be below your expectations.