Spring Security Permissions

Question

Spring Security Permissions

Asked 6 years, 10 months ago

Viewed 490 times

0

I am developing a system for my college TCC. I am creating the user authentication part. I wonder if someone has a simple example of Spring Security configuration of users who have more than one permission, that is, a user who can access more than one function of the application. Example, user who accesses both financial and HR, without I have to create a new login for the user. My DB has the user table and scroll (which keeps the permissions). I believe I made myself clear in my question, I just want a simple example or a hint of how to do it and whether I should create more than one configure method.

Thanks!!!

What is missing is the table that will relate the USER to the ROLE. With this table a user can have several ROLES and a ROLE can belong to several users.

– cantoni

2018/01/10 at 12:01
If it doesn’t work, the implementation varies slightly between versions

– Erick Luz

2021/06/07 at 21:32

1 answer

Browser other questions tagged java web-application spring-security

You are not signed in. Login or sign up in order to post.

by Leandro Gama • 1 point · Answer 1 · 2018-01-10T21:26:47+00:00

You could add a table of permissions in the database for users with many relationship to one, so a user could have an access permission and another from Adm, for example.

Code, using Hibernate Annotations:

    @ElementCollection(targetClass = String.class)
    @JoinTable(name="usuario_permissao", uniqueConstraints = 
          {@UniqueConstraint(columnNames = {"usuario", "permissao"})},
          joinColumns = @JoinColumn(name = "usuario"))
    @Column(name = "permissao")
    private Set<String> permissao = new HashSet<String>();

Then when you register users set the default permissions:

    public void salvar(Usuario usuario){
        Integer codigo = usuario.getUsuario();
        if(codigo == null || codigo == 0){
            // adiciona permissao usuario
            usuario.getPermissao().add("ROLE_USER");
            this.usuarioDAO.salvar(usuario);
        }else{
            this.usuarioDAO.salvar(usuario);
    }
}

And for specific users add permissions separately, for example:

            // adiciona permissao adm
            usuario.getPermissao().add("ROLE_ADM");
            // salva...

I hope I’ve helped