hitty5

Reputation: 1673

Spring Security - one active role

Imagine that users can have one or more roles in the system. After login the user has to choose one of these roles. At this point only this selected role should be checked by Spring Security.

e.g. user has ROLE_A, ROLE_B

requestmaps:

/book/** -> ROLE_A, ROLE_B
/author/** -> ROLE_A

The normal behaviour would be that the user can access all defined actions. In my special case the user would select ROLE_A and then get access only for /author/** actions. In other words, is it possible to define one active role in the security context, so that Spring Security would perform security checks based on this single role?

Upvotes: 1

Views: 630

Answers (1)

Gregg

Reputation: 35904

While I would suggest avoiding this approach, from an end user perspective, I understand sometimes there are requirements out of your control. So with that said, note that the Person object you've defined for Spring Security to use should contain the following:

Set<Role> getAuthorities() {
   PersonRole.findAllByPerson(this).collect { it.role } as Set
}

If you define a property somewhere that specifies your selected Role, just modify the above method to only return that role.

Upvotes: 2
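
An added example (not code from the question or the answer) of the approach the answer describes, written as a plain Groovy script so it runs without GORM. The `activeRole` property, `selectRole`, the `allowed` closure and the in-memory `assigned` set standing in for `PersonRole.findAllByPerson(this)` are all assumptions made for illustration.

```groovy
class Role {
    String authority
}

class Person {
    String username
    Set<Role> assigned = [] as Set   // stand-in for the PersonRole lookup (assumption)
    String activeRole                // hypothetical property: authority chosen after login

    // Accept a selection only if the user really holds that role,
    // so a tampered request parameter cannot grant a new one.
    void selectRole(String authority) {
        if (!assigned.any { it.authority == authority }) {
            throw new IllegalArgumentException("${username} does not hold ${authority}")
        }
        activeRole = authority
    }

    // Fail closed: no selection means no authorities, never "all roles".
    Set<Role> getAuthorities() {
        assigned.findAll { it.authority == activeRole } as Set
    }
}

// Request map from the question, constructed here as a plain prefix map.
def requestMap = ['/book/': ['ROLE_A', 'ROLE_B'], '/author/': ['ROLE_A']]

// Simplified access decision: the path must match an entry and the user
// must expose at least one of the authorities listed for it.
def allowed = { Person p, String path ->
    def entry = requestMap.find { prefix, roles -> path.startsWith(prefix) }
    entry != null && p.authorities.any { it.authority in entry.value }
}

def user = new Person(username: 'alice',   // constructed sample user
        assigned: [new Role(authority: 'ROLE_A'), new Role(authority: 'ROLE_B')] as Set)

assert !allowed(user, '/book/1')     // nothing selected yet: denied
user.selectRole('ROLE_B')
assert allowed(user, '/book/1')      // ROLE_B may access books
assert !allowed(user, '/author/1')   // denied, although the user also holds ROLE_A
```

If this is the Grails Spring Security plugin (an assumption, the page does not say), authorities are read when the user is authenticated, so a changed selection only takes effect after re-authentication, for example via `springSecurityService.reauthenticate`.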
