Setting user roles based on some kind of ownership in Spring Security

Question

In my Spring-based application, I currently have basic roles such as ADMIN, and USER.

Is it possible to define a user role such as PHOTO_UPLOADER, which inherits fr

Answer 1

i don't know what types of data accessing technology you are using. i know you can write interceptor or event listener to do the security checking for hibernate. i think ibatis is also the same way. in my project, i wrote CRUD enable interface methods in the parent model/entity class, and doing security check in some events, such as before entity loading. spring security acl is a bit complex. implementing your security solution is more better.