How to implement an interface for different privileges?

A

ar52017-06-14 14:16:06

Java

ar5, 2017-06-14 14:16:06

Hello, perhaps the question is not formulated very capaciously, now I will reveal its essence.
The interface is built according to the rules if you are an administrator, then some fields or features are shown. We sign each header with a unique token and identify the user in the system. If we log in initially, then everything is clear. We get user data and draw the interface.
But what if I want to store token and role and user information in localstorage . And do not go through the authorization stage again, but correctly identify the user's privileges in the system (suddenly, if someone wants to change the role) and render the correct interface.
Option 1. Pass the role in the header and check in the system, if it’s incorrect, issue it401 (Unathorized) or update data according to role

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

P

Pavel Dudenkov, 2017-06-22
@viperz

Modern applications use Spring Security, it allows you to make simple authorization in just a couple of lines of code / settings, as well as, naturally, very flexible and deep customization of roles and so on. You can see simple examples of how this is done here: https://www.youtube.com/watch?v=LV0mdCWq2wY&index=... and in the 10th video about roles.