We have created an application using Spring Boot microservices; the application contains JSP pages and REST URIs.

For this type of architecture, I am looking for suggestions on how to secure the pages and URIs. I want role- and permission-based access, where permission lists all pages and URIs, and role_permission_mapping maps URIs/pages to roles.

The admin has rights to add Role, Permission and Mapping entries dynamically using some UI.

The image below shows a sample table structure.

Please suggest whether there is a built-in mechanism that provides out-of-the-box support for this type of requirement.

[Image: sample table structure]

Yogesh Prajapati

1 Answer

You can use the concept of intercept-url in Spring Security for this.

  1. Java Based Configuration - h ttp://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#authorize-requests
  2. XML Based Configuration - h ttp://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#ns-minimal and h ttp://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#nsa-intercept-url

In your case, the URL to be intercepted is "permission". And in your particular case, you would want to dynamically configure the intercept URLs in Spring Security, reading them (permissions) from your database. You may look at the following answers to achieve the same by implementing a custom FilterInvocationSecurityMetadataSource:

  1. how can I manage spring security url pattern in java class instead of xml config
  2. How to dynamically decide <intercept-url> access attribute value in Spring Security?

P.S.: Sorry for the broken links for the Spring documentation. StackOverflow does not allow me to post more than 2 links as I am a new contributor here.

Manu
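One way the custom FilterInvocationSecurityMetadataSource suggested in the answer could look on Spring Security 5.x, as an added example that is not code from the answer or the linked posts. The class name, the `role` table, all column names and the `ROLE_NO_ACCESS` marker are assumptions; role names are assumed to be stored with the `ROLE_` prefix so that `RoleVoter` evaluates them. URLs with no mapping are denied rather than left public.

```java
import java.util.*;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

public class DbSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
    // Assumed columns: permission(id, url_pattern), role(id, name), role_permission_mapping(role_id, permission_id)
    private static final String SQL = "SELECT p.url_pattern AS url_pattern, r.name AS role_name "
        + "FROM permission p LEFT JOIN role_permission_mapping m ON m.permission_id = p.id "
        + "LEFT JOIN role r ON r.id = m.role_id ORDER BY p.id";
    // Hypothetical attribute that no user is granted, so RoleVoter votes to deny it.
    private static final Collection<ConfigAttribute> DENY = SecurityConfig.createList("ROLE_NO_ACCESS");

    private final JdbcTemplate jdbc;
    private volatile Map<RequestMatcher, Collection<ConfigAttribute>> rules = new LinkedHashMap<>();

    public DbSecurityMetadataSource(JdbcTemplate jdbc) { this.jdbc = jdbc; reload(); }

    // Call after the admin UI changes a role, permission or mapping.
    public void reload() {
        Map<String, List<String>> rolesByPattern = new LinkedHashMap<>();
        for (Map<String, Object> row : jdbc.queryForList(SQL)) {
            List<String> roles = rolesByPattern.computeIfAbsent((String) row.get("url_pattern"), k -> new ArrayList<>());
            if (row.get("role_name") != null) roles.add((String) row.get("role_name"));
        }
        Map<RequestMatcher, Collection<ConfigAttribute>> fresh = new LinkedHashMap<>();
        // A permission with no role mapped to it is denied to everyone.
        rolesByPattern.forEach((pattern, roles) -> fresh.put(new AntPathRequestMatcher(pattern),
            roles.isEmpty() ? DENY : SecurityConfig.createList(roles.toArray(new String[0]))));
        rules = fresh; // swap in one step so requests never see a half-built map
    }

    @Override
    public Collection<ConfigAttribute> getAttributes(Object object) {
        FilterInvocation invocation = (FilterInvocation) object;
        for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> rule : rules.entrySet()) {
            if (rule.getKey().matches(invocation.getRequest())) return rule.getValue();
        }
        return DENY; // returning null or an empty list would make the interceptor treat the URL as public
    }

    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() { return Collections.emptyList(); }

    @Override
    public boolean supports(Class<?> clazz) { return FilterInvocation.class.isAssignableFrom(clazz); }
}
```

Set it on the `FilterSecurityInterceptor` with `setSecurityMetadataSource`, and keep the login page and static resources outside this filter chain, because every unmapped URL is denied.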