Spring MVC Role and Administration Permission

I am new to Spring MVC. My existing project has one admin who has the rights to update the data, but now I need to create 2 new admins, admin1 and admin2, that can only see a limited page when they log in, for example:

When logged in as admin, they can see Add Data, Refresh Data, Message Pages in the menu bar, but in the case of Admin1, they can only see the Mail Journal page in the menu bar.

So please tell me how I can achieve this task in Spring MVC. Thanks in advance.

+3




3 answers


You need to consider using Spring Security to achieve this. Check the following:

<http auto-config="true">
 <intercept-url pattern="/admin*" access="ROLE_ADMIN" />
</http>

      

This means that only a user with the "ROLE_ADMIN" authority is allowed to access the /admin* URI. If an unauthorized user tries to access it, the "HTTP 403" access page is displayed.



You need to configure URLs and the access allowed to them.

Simple example at http://www.mkyong.com/spring-security/spring-security-access-control-example/

+2




You need, of course, two roles. Then you can check the role Admin1 or Admin2

or Admin1

wherever. But a more suitable approach has already been mentioned: separate roles and privileges. Assign roles to users and privileges to roles, so the user gets his privileges through his roles. Now you just need to check the privileges to allow access to a function.



Spring already has a built-in concept of hierarchical roles (14.4 Hierarchical Roles), but I feel it is clumsy because it requires every voter to understand it. So I implemented my own solution; it is very simple and based only on Spring Security roles. Therefore, you only need to change the role provider, nothing more.

0




You need to create two Spring Security Roles with different access.

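<http auto-config="true">
     <!-- Role names carry the ROLE_ prefix: the default RoleVoter only evaluates attributes that start with it -->
     <intercept-url pattern="/addData" access="ROLE_ADMIN_2" />
     <intercept-url pattern="/updateData" access="ROLE_ADMIN_2" />
     <intercept-url pattern="/postMessage" access="ROLE_ADMIN_1" />
</http>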

      

0
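
The rules from the answers above, combined into one configuration for the three accounts in the question. This is an added example, not code from any of the posters. The role names (ROLE_ADMIN, ROLE_ADMIN1), the URL paths, and the choice to let the full admin keep access to the Mail Journal are assumptions; the authentication-manager and user definitions are assumed to exist elsewhere in the security context.

```xml
<!-- Added example: role names and URL paths are assumptions, not taken from the project. -->
<!-- Rules are evaluated top to bottom and the first matching pattern wins,
     so the specific patterns must come before the catch-all. -->
<http auto-config="true" use-expressions="true">

    <!-- Pages reserved for the original, full admin -->
    <intercept-url pattern="/addData/**"     access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/refreshData/**" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/messages/**"    access="hasRole('ROLE_ADMIN')" />

    <!-- Page the restricted admin1 account may also reach;
         admin2 would get its own role and its own rule in the same way -->
    <intercept-url pattern="/mailJournal/**"
                   access="hasAnyRole('ROLE_ADMIN','ROLE_ADMIN1')" />

    <!-- Anything not listed above still requires a logged-in user,
         so a page added later is never left open to anonymous access -->
    <intercept-url pattern="/**" access="isAuthenticated()" />
</http>
```

Hiding a menu entry in the view (for example with the Spring Security JSP tag `<sec:authorize url="/addData">`) only changes what is displayed; the intercept-url rules are what stop admin1 from requesting /addData directly.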








