Question
Greetings java hipsters!
I just generated a jhipster project and created some entities. I'd like to hide some entities by restricting them to only the admin user. How do I achieve this?
Thanks!
Answer 1:
First read Spring Security doc then look at your project source code that was generated by JHipster: it's full of such examples, pay attention to SecurityConfiguration.java and to @Secured(AuthoritiesConstants.ADMIN) in UserResource.java.
Then for the angular part, you can add a requirement for admin role in a state's definition like in src/main/webapp/app/admin/configuration/configuration.state.js (search for authorities: ['ROLE_ADMIN']). So for a bank-account entity, main state would be defined in src/main/webapp/app/entities/bank-account/bank-account.state.js.
This is for JHipster 3.x
Answer 2:
I just describe how I blocked a new entity ("folder") on a bit more fresh version (JHipster 4.7.0):
To block access to the endpoint I added a new line in the file src/main/java/package path/config/SecurityConfiguration.java:
    .antMatchers("/api/profile-info").permitAll()
    .antMatchers("/api/folders").hasAuthority(AuthoritiesConstants.ADMIN) // new line
    .antMatchers("/api/**").authenticated()
Change src/main/webapp/app/entities/folder/folder.route.ts:
    data: {
        // authorities: ['ROLE_USER'], // old
        authorities: ['ROLE_ADMIN'], // new
        pageTitle: 'jmediaApp.folder.home.title'
    },
And to hide the item from the navbar you need to add *jhiHasAnyAuthority="'ROLE_ADMIN'" in the <li> tag in /src/main/webapp/app/layouts/navbar/navbar.component.html:
    <li *jhiHasAnyAuthority="'ROLE_ADMIN'">
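Added example, not part of the answer above: a simplified TypeScript model of how the ordered antMatchers chain is evaluated (the first matching pattern decides). It shows that the exact pattern /api/folders does not cover a single-entity URL such as /api/folders/1, while /api/folders/** does. The model, the helper names and the sample paths are assumptions made for illustration, not Spring Security code.

```typescript
// Simplified model (an assumption, not Spring code) of the ordered antMatchers
// chain in SecurityConfiguration.java: the first rule whose pattern matches decides.
type Access = "permitAll" | "authenticated" | { hasAuthority: string };
interface Rule { pattern: string; access: Access; }

// Covers the two pattern forms used in the chain: an exact path, and a
// trailing "/**" that matches the base path and everything below it.
function antMatch(pattern: string, path: string): boolean {
  if (pattern.slice(-3) === "/**") {
    const base = pattern.slice(0, -3);
    return path === base || path.indexOf(base + "/") === 0;
  }
  return pattern === path;
}

// First matching rule decides; authorities === null models an anonymous request.
function isAllowed(rules: Rule[], path: string, authorities: string[] | null): boolean {
  const rule = rules.filter(r => antMatch(r.pattern, path))[0];
  if (!rule) return false; // no rule matched: denying is a choice of this model only
  if (rule.access === "permitAll") return true;
  if (authorities === null) return false;
  if (rule.access === "authenticated") return true;
  return authorities.indexOf(rule.access.hasAuthority) !== -1;
}

// Assumption: AuthoritiesConstants.ADMIN is "ROLE_ADMIN", the name used client-side.
const ADMIN = "ROLE_ADMIN";
// The three-rule chain from the answer, with the folder pattern as a parameter.
function chain(folderPattern: string): Rule[] {
  return [
    { pattern: "/api/profile-info", access: "permitAll" },
    { pattern: folderPattern, access: { hasAuthority: ADMIN } },
    { pattern: "/api/**", access: "authenticated" },
  ];
}

// Constructed sample requests: the collection URL and a single-entity URL.
const samplePaths = ["/api/folders", "/api/folders/1"];

// Paths that a logged-in user holding only ROLE_USER can still reach.
function reachableByUser(rules: Rule[]): string[] {
  return samplePaths.filter(p => isAllowed(rules, p, ["ROLE_USER"]));
}

console.log(reachableByUser(chain("/api/folders")));    // exact pattern
console.log(reachableByUser(chain("/api/folders/**"))); // subtree pattern
```

A method-level check such as the @Secured(AuthoritiesConstants.ADMIN) annotation mentioned in the first answer, placed on the entity's resource class, enforces the same restriction independently of the URL patterns.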
Answer 3:
On the Gateway UI, by using the react.js server, the following process can be followed.
- Open src/main/webapp/app/app.tsx which contains all routing mechanism. Check the component <Header ..{additional props added}.. />
- On mapStateToProps there is a function by the name isAdmin to check if the logged-in user is an admin. (Change this according to your ROLE. I am using ROLE_ADMIN so I left as it is.)
- Go to src/main/webapp/app/shared/layout/header/header.tsx. This file contains all the navigation to the entities under the <EntitiesMenu > component. Pass the isAdmin prop to the EntitiesMenu component as <EntitiesMenu admin={props.isAdmin} />
- Now go to src/main/webapp/app/shared/layout/menus/entities.tsx and change the respective path to
    {
      props.isAdmin && (
        <MenuItem icon="asterisk" to="/entity/institute">
          <Translate contentKey="global.menu.entities.institute" />
        </MenuItem>
      )
    }
  This helps in hiding the navigation links.
- But if the user enters the specific path in the browser URL, there is no validation on that. So change src/main/webapp/app/entities/index.tsx from <ErrorBoundaryRoute ../> to
    <PrivateRoute path={`${match.url}/institute`} component={Institute} hasAnyAuthorities={[AUTHORITIES.ADMIN]} />
After this, even if the user opens the URL by mentioning it in the browser search bar, JHipster validates if the user has got the role or not. If not, simply the access denied page will be shown.
Source: https://stackoverflow.com/questions/38377391/jhipster-hide-entities-from-non-admin