Danish
Reputation: 913
Authorization in a web application
I am looking forward to implement authorization in one of my projects. One of the option that I found was URL,METHOD based spring security. This allow the control on the basis of ROLE. But what about that a user if having a VIEW role can view all of the resources but can't edit any resource. Is there any Existing framework that can provide this granularity? ,so that with a role the permissions on various resources can be applied.
Thanks
Upvotes: 0
Views: 51
Answers (1)
Freaky Thommi
Reputation: 746
Try the below solution.
<intercept-url pattern="/api/resource/employee/**"
access="hasAnyRole('MANAGER','EMPLOYEE','HR')"
method="GET" />
<intercept-url pattern="/api/resource/employee/**"
access="hasAnyRole('MANAGER','HR')" method="POST" />
Upvotes: 1
Related Questions
- Get a list of resources from classpath directory
- Can I add jars to Maven 2 build classpath without installing them?
- How to configure CORS in a Spring Boot + Spring Security application?
- Difference between Role and GrantedAuthority in Spring Security
- Authentication versus Authorization
- Spring AOP vs AspectJ
- Group/rule-based authorization approach in node.js and express.js