Do not prescribe roles in web.xml, but take them from the database?

A

Alena2017-03-14 20:41:59

PostgreSQL

Alena, 2017-03-14 20:41:59

Hello, I'm trying to implement authorization in my project using JDBCRealm. I prescribe everything, it works, the only catch is that, the roles should be taken from the database, edited, added / removed. Help, how to implement this, or at least in what direction to hiccup, I seem to have climbed the entire Internet :(
a piece of web.xml

<login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/loginError.html</form-error-page>
        </form-login-config>
    </login-config> 
    <security-constraint> 
        <web-resource-collection>
            <web-resource-name>private</web-resource-name>
            <url-pattern>/faces/private/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection> 
        <auth-constraint> 
            <role-name>admin</role-name> //  вот здесь явно заданы роли и все работает, но мне нужно
            <role-name>user</role-name>    //  чтобы они брались из БД
            <role-name>vis</role-name>
         </auth-constraint>
    </security-constraint>

I hope I explained clearly :(

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

E

Eugene Khrustalev, 2017-03-14
@SAlenaA

Using the JDBC Realm for User Authentication

A

aol-nnov, 2017-03-14
@aol-nnov

in the spring it is fashionable to write on the "spring". especially the "safety spring" will help you in your search