Spring security -how to add roles dynamically and depending on role there url access permission must change and when creating role we have to set url permissions dynamically
ex: for admin he can access all urls
and when i am creating another role like support i can set which urls he can access dynamically
Asked
Active
Viewed 723 times
0
Rajasekharareddy Satti
- 81
- 1
- 8
-
spring security can do that , what have you tried so far ? – Rafik BELDI Oct 08 '15 at 10:24
-
spring security can to that in static wahy i know but dynamically possible ? – Rajasekharareddy Satti Oct 08 '15 at 11:42
-
yes you can assign roles to user's dynamicly – Rafik BELDI Oct 08 '15 at 11:44
-
oh please send me link to example to tell me how to do that ? – Rajasekharareddy Satti Oct 09 '15 at 05:25
1 Answers
0
This is specifically what Spring authorization handles.
You can use Spring expressions like -
@PreAuthorize("hasAuthority('PERM_ADD')")
@RequestMapping("/add")
public String add() {
...
}
Here is the documentation -
https://docs.spring.io/spring-security/site/docs/current/reference/html/authorization.html
You may want to implement something like this example - https://stackoverflow.com/a/60251931/1308685
Where the user roles are mapped to more granular permissions.
Jeremy
- 2,970
- 1
- 26
- 50