How to limit a user to only access their own data?

1

I am developing a task list application for study; however, all users access all tasks.

I wonder if anyone has ever implemented something like this with Spring Security and how you did it.

  • Did you log in? Are the tasks registered in the database associated with a single user? If so, take the logged-in user and show only his tasks, as in the query that the colleague has already given.

  • How are your tables? Do they have some relation of User to Tasks?

3 answers

0

You wouldn’t necessarily need to use some security feature for that.

In a simpler way, imagining that you have an authentication process in your application: after authenticating and identifying the user who accessed the application, you can recover that user's information through some ID (user code or ID in the database) associated with these records of yours. As follows:

... FROM Tarefas t WHERE t.usuario_id = :id_usuario_autenticado

This suggestion assumes that you already have some way to differentiate users (ID) and that, judging by your question, you are recovering the information from the database without considering this difference.

  • 1

    I have an authentication process, yes. I thought about doing something manually, but first I wanted to know if the framework solves this somehow.

  • I get it. But was this idea of associating records in the database with the user ID clear to you? Because I believe that point can help you initiate this data separation. You can use security, for example, authorization to access certain features, but recovering only the resources of a specific user can be done through that user's ID.

0


You can do all the work manually by adding a clause "AND usuario_id = :id_usuario_autenticado", as stated in one of the answers.

Another strategy is to use multi-tenancy, which is basically a way to isolate user data in separate tables or instances. Spring supports this in a few ways. I’ve never personally used it, but here are some examples, tutorials and explanations:

https://marcelosouzavieira.wordpress.com/2016/04/26/spring-boot-bunny-multi-tenancy/

https://www.ricston.com/blog/multitenancy-jpa-spring-hibernate-part-1/

https://github.com/rcandidosilva/spring-boot-multitenant
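
The owner clause from both answers above, shown as an added example that is not code from the original posts. It uses Python with an in-memory SQLite database instead of Spring/JPA; the table name Tarefas and the column usuario_id come from the answers, while the titulo column, the function names and the sample rows are assumptions. It goes beyond the list query to cover lookup and update by task ID, where the clause is most often forgotten.

```python
import sqlite3

def open_db():
    """In-memory database with constructed sample rows (two users: 10 and 20)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Tarefas (id INTEGER PRIMARY KEY, "
               "usuario_id INTEGER NOT NULL, titulo TEXT NOT NULL)")
    db.executemany("INSERT INTO Tarefas (id, usuario_id, titulo) VALUES (?, ?, ?)",
                   [(1, 10, "study Spring"), (2, 10, "write tests"), (3, 20, "pay rent")])
    return db

# id_usuario_autenticado must come from the server-side session or security
# context of the logged-in user, never from a request parameter.

def list_tasks(db, id_usuario_autenticado):
    """List only the tasks owned by the authenticated user."""
    return db.execute(
        "SELECT id, titulo FROM Tarefas t "
        "WHERE t.usuario_id = :id_usuario_autenticado ORDER BY id",
        {"id_usuario_autenticado": id_usuario_autenticado}).fetchall()

def get_task(db, task_id, id_usuario_autenticado):
    """Fetch one task by ID. The ID arrives from the client, so the owner
    clause stays in the query; another user's task looks like 'not found'."""
    return db.execute(
        "SELECT id, titulo FROM Tarefas "
        "WHERE id = :id AND usuario_id = :id_usuario_autenticado",
        {"id": task_id, "id_usuario_autenticado": id_usuario_autenticado}).fetchone()

def rename_task(db, task_id, id_usuario_autenticado, titulo):
    """Update with the same owner clause; returns False when no row matched."""
    cur = db.execute(
        "UPDATE Tarefas SET titulo = :titulo "
        "WHERE id = :id AND usuario_id = :id_usuario_autenticado",
        {"titulo": titulo, "id": task_id,
         "id_usuario_autenticado": id_usuario_autenticado})
    return cur.rowcount == 1

if __name__ == "__main__":
    db = open_db()
    print(list_tasks(db, 10))            # user 10 sees only tasks 1 and 2
    print(get_task(db, 3, 10))           # task 3 belongs to user 20
    print(rename_task(db, 3, 10, "x"))   # update of a foreign task is rejected
```
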

0
