Judking

Reputation: 6371

How can I authorize subsystems to specific users?

I'm using Spring MVC, Spring Security, Spring, and MyBatis for my web application. There are a lot of parallel subsystems (say, different registration systems). What I want to implement is to give each admin (there are a lot of admins who are under my control) authorization to some subsystems. For example, there are admins A, B, C, as well as subsystems X, Y, Z; I intend to authorize admin A to subsystem A, B, and to authorize admin B to subsystem C, and so on. How could I achieve this effect using Spring Security? Is there any article on this issue, or some term for me to google? Thanks a lot!

Upvotes: 1

Views: 74

Answers (1)

Maksym Demidas

Reputation: 7817

You can set up different base URLs for each subsystem:

www.appdomain.com/subsitemA/page1.html
www.appdomain.com/subsitemA/page2.html
www.appdomain.com/subsitemB/*
www.appdomain.com/subsitemC/*
....
www.appdomain.com/subsitemX/*

Then it will be easy to secure them using intercept-url patterns:

<sec:http auto-config='true' use-expressions="true" >
    <!-- Specific patterns come first -->
    <sec:intercept-url pattern="/subsitemA/**" access="hasRole('ROLE_ADM_A')" />
    <sec:intercept-url pattern="/subsitemB/**" access="hasRole('ROLE_ADM_A') and hasRole('ROLE_ADM_B')" />
    <sec:intercept-url pattern="/subsitemC/**" access="hasRole('ROLE_ADM_C') and hasRole('ROLE_ADM_D')" />
    <!-- ... -->
    <!-- General pattern comes last -->
    <sec:intercept-url pattern="/**" access="isFullyAuthenticated()" />
</sec:http>

Upvotes: 1
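
An added example, not part of the original answer: one way to tie the URL patterns above to the admins in the question is to define one role per subsystem and grant each admin the roles for the subsystems they manage. The role names `ROLE_SUBSYS_*`, the user names `adminA`/`adminB`, the placeholder passwords and the in-memory `user-service` are assumptions made for illustration.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd">

    <sec:http auto-config="true" use-expressions="true">
        <!-- Rules are checked top to bottom and the first matching pattern
             decides, so every subsystem prefix must precede the catch-all. -->
        <!-- One role per subsystem (hypothetical names): a request to a
             subsystem needs exactly the role that belongs to it. -->
        <sec:intercept-url pattern="/subsitemA/**" access="hasRole('ROLE_SUBSYS_A')" />
        <sec:intercept-url pattern="/subsitemB/**" access="hasRole('ROLE_SUBSYS_B')" />
        <sec:intercept-url pattern="/subsitemC/**" access="hasRole('ROLE_SUBSYS_C')" />
        <!-- Everything else: any fully authenticated user, no remember-me. -->
        <sec:intercept-url pattern="/**" access="isFullyAuthenticated()" />
    </sec:http>

    <sec:authentication-manager>
        <sec:authentication-provider>
            <!-- Constructed sample users. Passwords are placeholders; on
                 Spring Security 5 and later, configure a password encoder
                 and store encoded values instead of plain text. -->
            <sec:user-service>
                <!-- adminA manages subsystems A and B -->
                <sec:user name="adminA" password="CHANGE_ME"
                          authorities="ROLE_SUBSYS_A, ROLE_SUBSYS_B" />
                <!-- adminB manages subsystem C only -->
                <sec:user name="adminB" password="CHANGE_ME"
                          authorities="ROLE_SUBSYS_C" />
            </sec:user-service>
        </sec:authentication-provider>
    </sec:authentication-manager>
</beans>
```

With this layout, granting or revoking a subsystem for an admin is a change to that user's authorities only; the `intercept-url` rules stay fixed. A request from `adminB` to `/subsitemA/**` is rejected with 403 because the first matching rule requires `ROLE_SUBSYS_A`.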
