Reputation: 3014
Spring security permission
Current Requirement is to secure data using Spring security. Imagine a situation where admin can select any user and grants rights so that he will have permission to edit details of specific customer details in the form. Ex: Suppose there are 6 user. Now admin can grants rights to these 6 user as lets say user 1,2 can edit customer A,B,C form. and user3,4 can edit custom D,E,F form.There can be N number of user and M number of customer. The form will be shown in disabled mode to the user who does not have right to edit the customer form.Those who have rights they can edit the form. How can I acheive this using spring security. Spring security has something like hasRole ..but that is very specific.I want something like hasPermission.Tell me how can I check hasPermission in jsp and then as per permission I can show form as disabled or enabled.
Upvotes: 0
Views: 373
Answers (1)
Reputation: 1979
This requirement -- granting permissions on particular instances of secured objects -- is better satisfied with access-control lists than with roles. See Spring's reference documentation on "Domain Object Security".
Upvotes: 2
Related Questions
- Spring security configure access
- spring security - access-denied-handler
- Spring Security Access Denied
- Spring security roles and permissions
- Spring Security access denied roles or what else?
- Spring Security Java configuration
- Another Spring Security issue
- Using Spring Security ACL
- spring security weird behaivior
- spring authorization