SURAJ KUMAR

Reputation: 57

What are Roles in Spring Boot?

What are Roles in the context of Spring Security? How do I define them? I am not asking about coding. What is the general definition of roles in Spring Boot? Could someone please give a definition with an appropriate example?

Upvotes: 0

Views: 685

Answers (1)

MyTwoCents

Reputation: 7622

I assume you are talking about Roles which we can provide in Spring Security.

If so, then your question should be Roles in Spring Security.

Roles are basically the level of access you give to a user.

  • There might be a case where only a few users are allowed to write data and others can just read information.
  • There might be a case where some resources should be accessed by only a special set of users.

In all the above cases, the role plays an important part.

Let's see this piece of code:

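import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class LoginSecurityConfig extends WebSecurityConfigurerAdapter {

    // Link each user to its roles: jduser gets ROLE_USER, jdadmin gets ROLE_USER and ROLE_ADMIN.
    // The users and their plain-text passwords are held in memory.
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationMgr) throws Exception {
        authenticationMgr.inMemoryAuthentication()
            .withUser("jduser").password("jdu@123").authorities("ROLE_USER")
            .and()
            .withUser("jdadmin").password("jda@123").authorities("ROLE_USER","ROLE_ADMIN");
    }

    // Map each URL to the role(s) a logged-in user must hold to reach it.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/homePage").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
            .antMatchers("/userPage").access("hasRole('ROLE_USER')")
            .antMatchers("/adminPage").access("hasRole('ROLE_ADMIN')")
            .and()
                // Form login: custom login page, redirect targets and form field names.
                .formLogin().loginPage("/loginPage")
                .defaultSuccessUrl("/homePage")
                .failureUrl("/loginPage?error")
                .usernameParameter("username").passwordParameter("password")
            .and()
                .logout().logoutSuccessUrl("/loginPage?logout");
    }
}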

You have configured your application in a way that

/adminPage should only be used by a User having ROLE_ADMIN

/userPage and /homePage are accessible to both ROLE_ADMIN and ROLE_USER.

You can define your custom user roles. You need to link each user with a role and configure the same in authorizeRequests.

You can find many blogs on this. Here is one

Upvotes: 1
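
The same role rules written against the component-based configuration that replaces WebSecurityConfigurerAdapter in Spring Security 6, as an added example that is not part of the original answer. It hashes passwords with BCrypt and adds a deny-by-default rule, since the answer's configuration has no catch-all and leaves unlisted URLs unrestricted. The class name and the password values are placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class RoleSecurityConfig { // hypothetical class name

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // store hashes, not plain text
    }

    // roles("USER") stores the authority "ROLE_USER"; hasRole("USER") checks for it.
    @Bean
    UserDetailsService users(PasswordEncoder encoder) {
        return new InMemoryUserDetailsManager(
            User.withUsername("jduser")
                .password(encoder.encode("placeholder-user-pw")) // constructed value
                .roles("USER").build(),
            User.withUsername("jdadmin")
                .password(encoder.encode("placeholder-admin-pw")) // constructed value
                .roles("USER", "ADMIN").build());
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/homePage").hasAnyRole("USER", "ADMIN")
                .requestMatchers("/userPage").hasRole("USER")
                .requestMatchers("/adminPage").hasRole("ADMIN")
                .anyRequest().denyAll()) // deny by default: unlisted URLs are not left open
            .formLogin(form -> form.loginPage("/loginPage")
                .defaultSuccessUrl("/homePage")
                .failureUrl("/loginPage?error")
                .permitAll()) // the login page itself must be reachable anonymously
            .logout(logout -> logout.logoutSuccessUrl("/loginPage?logout"));
        return http.build();
    }
}
```

With denyAll() as the last rule, any static resources the pages need (CSS, scripts) must be given their own explicit permitAll() matcher.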
