0

I have database like this:

ROLE1 -> /ui/ui1

ROLE1 -> /ui/ui2

ROLE2 -> /ui/ui2

How can I change ROLE2 -> /ui/ui1 in Runtime?

Because, I storage in database. :(

Community
  • 1
  • 1
Luc
  • 2,800
  • 2
  • 25
  • 46

1 Answers1

0

You can use PermissionEvaluator that which will check authorization with custom your implementation, in which you can check database and compare roles in runtime.

More about how to use it: http://docs.spring.io/spring-security/site/docs/4.0.3.RELEASE/reference/htmlsingle/#el-permission-evaluator

If you don't want to use annotations on methods, here is how you can add custom method to Web Security Expressions spring security:intercept-url pattern access="#id == 1 . Then you should be able to use it in configuration like:

    http.authorizeRequests()
            .antMatchers("/url1").access("hasPermission(#user,...)");

Other solution is to make use of custom filter in security filter chain that will check Authentication, url and database.

Mati
  • 2,476
  • 2
  • 17
  • 24