Reputation: 637
In my project, I send scheduled mails to all registered users. Up to now, there were no restrictions, so I just got all the Users from the database and sent the mails without any security checks. Now, I have to make sure, that only users with a certain role receive those mails.
The only thing I found so far are several ways to check the roles of the currently logged in user. But I need to check the roles of a whole list of users, that are currently not logged in.
I can't figure out how to access these roles. I don't even know if this can be done with spring security at all. So, does anyone know about this kind of problem?
Thanks for your help!
Upvotes: 2
Views: 59
Reputation: 17849
I think that you did not understand what the 'role' means for a user. Usually the role is implemented in the database part of the application. You may have the User
table with attributes (id, name, sname, ...., role)
(1st case) or you may have it as a separate table ex 'Roles' with attributes (id, name, desc)
and then have a FK
in your User
table that will link to the Roles
table (2nd case).
So, when you want to send an email to all those with role = admin
then you do it like this:
sql = "select * from users where role = 'admin'"; //First case
sql = "select * from users , roles where users.role_id = roles.id and roles.desc = 'admin' "; //second case
As you have guessed the implementation of this, has nothing to do with spring or whatever security...
Upvotes: 1