Answer the question
In order to leave comments, you need to log in
A
A
ANDREW_TUR2018-01-03 17:34:13
ANDREW_TUR, 2018-01-03 17:34:13
spring security. Different rights for different users. (How to hide for Kolya (one of the users) the ability to "Create a post") ???
I'm making a Java web application using:
- Spring MVC
- Spring Security
- Hibernate
Distribution of access rights to resources/pages is done through Spring Security. There are three roles:
- User
- Admin
- SuperAdmin
I want the admin to be able to edit the user rights of ordinary users, for example:
user Vasya can edit and create posts,
user Kolya can edit, but not create.
That Kolya that Vasya is the role of User ....
Question : how to hide the ability to "Create a post" for Kolya? What are the ways to implement this functionality?
1 answer(s)
@ANDREW_TUR
A
Alexander Kosarev, 2018-01-04 @ANDREW_TUR
The option is simple: you create permissions for each action (something like CREATE_POST, MODIFY_POST, etc.), store the issued permissions in the database (personally or through user roles / groups), and pull them up during authorization. To check, you use hasAuthority in the access rules settings or in the method access restriction annotations ( Method Security ).
Option two and tricky: use ACLs in Spring Security.
Similar questions
X
I
M
D
D
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question