Spring security Authorize Requests value from database

Question

I want to configure Authorize Requests value from database on server start up. Currently I am giving hard core value in Java class file, is there any way to read the same fr

Answer 1

I had the same problem. In my case for a role I have several routes assigned. Someone may need it. It should be noted that I take as a reference the @mtyurt answer. The way I solved it was as follows:

List roles = roleRepository.findAll();
for (Role role : roles
        ) {
    List pages = pageRepository.findPagesPerRole(role.getId());
    List pageslist = new ArrayList<>();
    for (Page page : pages
         ) {
        pageslist.add(page.getUrl());
    }
    String[] authorities = pageslist.toArray(new String[0]);
    http.authorizeRequests().antMatchers(authorities).hasAuthority(role.getAuthority().toString());
}

I have a table where I keep the routes and another where I keep the roles. In the roles I can assign pages to you, and a page can be in several roles, so a many-to-many table is generated. From SQL I got the list of routes that are assigned to a role. That's why I do two cycles. Then finally to http I assign an array of strings and the name of the role.