Shyam Kumar Sundarakumar

Reputation: 5787

Organizational hierarchy-based access control in Spring Security (& Hibernate)

There is a scenario in one of the projects I am working on, in which there is a central database that is being accessed by various branches and sub-units within the organisation. In addition to role-based entitlements (like operator, admin, approver, etc.), which I am aware of how to tackle, there is a requirement to filter data at the organizational-unit level.

For example, see the organization structure depicted below:

[Image: organization structure diagram]

In this scenario, any user working at HQ level would have access to all the data across the branches in those screens for which the user has access (role-based). However, anyone in Branch 1 can see only data of Units 1.1, 1.2 & 1.3. The same holds for Branch 2 as well. As we generalize this to the next level, a user in Unit 1.1 can access only data of Unit 1.1, but not of the others.

So, is this kind of access control possible with Domain Object Security or any other mechanism in Spring Security?

I am alternatively exploring the possibility of having an interceptor in Hibernate that will do the necessary filtering. Any help on that front would also be useful.

Upvotes: 8

Views: 1579
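The visibility rule described in the question (a user sees data owned by their own unit and by every unit beneath it), written as an added example that is not part of the original post and uses no Spring Security or Hibernate API. It models the hierarchy as materialized paths and reduces the check to a prefix comparison; the class and method names, and the units "Unit 1.10" and "Unit 2.1", are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Hypothetical helper: subtree-scoped visibility over an org-unit tree. */
public class OrgUnitScope {
    static final String ROOT = "HQ";
    // Constructed sample data: child unit -> parent unit. Assumes unit names contain no "/".
    static final Map<String, String> PARENT = Map.of(
            "Branch 1", "HQ", "Branch 2", "HQ",
            "Unit 1.1", "Branch 1", "Unit 1.2", "Branch 1", "Unit 1.3", "Branch 1",
            "Unit 1.10", "Branch 1", // constructed: shares a name prefix with "Unit 1.1"
            "Unit 2.1", "Branch 2"); // constructed

    /** Builds a path such as "/HQ/Branch 1/Unit 1.1/"; the trailing slash is significant. */
    static String pathOf(String unit) {
        StringBuilder path = new StringBuilder("/");
        Set<String> seen = new HashSet<>();
        for (String u = unit; u != null; u = PARENT.get(u)) {
            // Fail closed on unknown units and on corrupt (cyclic) parent data.
            if (!u.equals(ROOT) && !PARENT.containsKey(u))
                throw new IllegalArgumentException("unknown unit: " + u);
            if (!seen.add(u))
                throw new IllegalStateException("cycle at: " + u);
            path.insert(0, "/" + u);
        }
        return path.toString();
    }

    /** True when dataUnit is userUnit itself or lies anywhere in its subtree. */
    static boolean canAccess(String userUnit, String dataUnit) {
        // Without the trailing slash, "Unit 1.1" would also match "Unit 1.10".
        return pathOf(dataUnit).startsWith(pathOf(userUnit));
    }

    public static void main(String[] args) {
        List<String> units = List.of("HQ", "Branch 1", "Branch 2", "Unit 1.1",
                "Unit 1.2", "Unit 1.3", "Unit 1.10", "Unit 2.1");
        for (String user : List.of("HQ", "Branch 1", "Unit 1.1")) {
            List<String> visible = new ArrayList<>();
            for (String data : units)
                if (canAccess(user, data)) visible.add(data);
            System.out.println(user + " can see data of: " + visible);
        }
    }
}
```

If each row stores its owning unit's path, the same prefix can serve as the row-level predicate in whichever query-filtering mechanism is chosen, with the role check applied separately.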

Answers (1)
