Spring security Authorize Requests value from database

傲寒 2020-12-28 21:56

I want to configure Authorize Requests value from database on server start up. Currently I am giving hard core value in Java class file, is there any way to read the same fr

2 Answers
  • 2020-12-28 22:22

    You can use Spring JDBC support. First of all you need to set up a database. Then, you can retrieve the rows and process them appropriately.

    You should have a table whose rows have one column filled with patterns like /admin/** and /db/**. The other column should be filled with role access information. After that, by following the tutorial, you should retrieve these rows. Let's assume you have the following entity class:

    class Matcher {
       public String name;
       public String roleInfo;
    }
    

    Then, you can iterate over the Matcher entities for configuration:

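        // Static, public paths first.
        http.authorizeRequests()
                .antMatchers("/resources/**", "/signup", "/about").permitAll();

        // matchers: the rows loaded from the database.
        // Matchers are checked in registration order and the first match wins.
        for (Matcher matcher : matchers) {
            // access() takes a security expression, e.g. "hasRole('ADMIN')".
            http.authorizeRequests().antMatchers(matcher.name).access(matcher.roleInfo);
        }
        // Everything not listed above requires a login.
        http.authorizeRequests().anyRequest().authenticated()
                .and()
                        // ...
                .formLogin();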
    
  • 2020-12-28 22:28

    I had the same problem. In my case I have several routes assigned to a role. Someone may need it. It should be noted that I took @mtyurt's answer as a reference. The way I solved it was as follows:

    List<Role> roles = roleRepository.findAll();
    for (Role role : roles) {
        // All pages (routes) assigned to this role.
        List<Page> pages = pageRepository.findPagesPerRole(role.getId());
        List<String> pageslist = new ArrayList<>();
        for (Page page : pages) {
            pageslist.add(page.getUrl());
        }
        String[] authorities = pageslist.toArray(new String[0]);
        // One rule per role: every URL of the role requires that role's authority.
        http.authorizeRequests().antMatchers(authorities).hasAuthority(role.getAuthority().toString());
    }
    

    I have a table where I keep the routes and another where I keep the roles. In the roles I can assign pages to you, and a page can be in several roles, so a many-to-many table is generated. From SQL I got the list of routes that are assigned to a role. That's why I do two cycles. Then finally to http I assign an array of strings and the name of the role.

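Added example, not part of either answer above: both answers register matchers straight from database rows, and Spring Security applies the first matcher that matches a request, so the content and order of the rows decide who gets access. The plain-Java code below rejects malformed rows and orders patterns by the length of their literal prefix (a simple heuristic) before they are handed to `antMatchers`. The `Rule` record, the two allowlist patterns and the sample rows are assumptions made for illustration (Java 16+).

```java
import java.util.*;
import java.util.regex.Pattern;

// Added example: vet URL rules read from the database before registering them.
public class UrlRuleVetting {
    // Hypothetical row shape: one Ant pattern and one authority name per row.
    record Rule(String pattern, String authority) {}

    private static final Pattern SAFE_PATTERN = Pattern.compile("/[A-Za-z0-9_\\-./*]*");
    private static final Pattern SAFE_AUTHORITY = Pattern.compile("[A-Z][A-Z0-9_]{0,63}");

    // Length of the literal part before the first wildcard; longer means more specific.
    static int literalPrefix(String pattern) {
        int star = pattern.indexOf('*');
        return star < 0 ? pattern.length() : star;
    }

    // Rejects malformed rows (startup fails instead of skipping them) and orders specific-first.
    static List<Rule> vet(List<Rule> rows) {
        List<Rule> out = new ArrayList<>();
        for (Rule r : rows) {
            if (r.pattern() == null || !SAFE_PATTERN.matcher(r.pattern()).matches())
                throw new IllegalArgumentException("bad URL pattern: " + r.pattern());
            if (r.authority() == null || !SAFE_AUTHORITY.matcher(r.authority()).matches())
                throw new IllegalArgumentException("bad authority: " + r.authority());
            out.add(r);
        }
        // First match wins, so "/admin/users/**" has to be registered
        // before "/admin/**", whatever order the SELECT returned them in.
        out.sort(Comparator.comparingInt((Rule r) -> literalPrefix(r.pattern())).reversed()
                .thenComparing(Rule::pattern));
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample rows, in an arbitrary order.
        List<Rule> rows = List.of(new Rule("/db/**", "DBA"),
                new Rule("/admin/**", "ADMIN"),
                new Rule("/admin/users/**", "USER_ADMIN"));
        for (Rule r : vet(rows))
            System.out.println(r.pattern() + " -> " + r.authority());
        // In configure(HttpSecurity http), register in this order, then the catch-all:
        //   for (Rule r : vet(rows))
        //       http.authorizeRequests().antMatchers(r.pattern()).hasAuthority(r.authority());
        //   http.authorizeRequests().anyRequest().authenticated();
    }
}
```

Storing only an authority name and passing it to `hasAuthority` keeps free-form `access()` expressions out of the table, so write access to the table does not become the ability to supply an arbitrary security expression.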