My web application requires access control to the content that is displayed to users. All users may be accessing the same page but the content shown will depend on their access rights.
For example, if I have the following data:
Book | Roles
__________________________________
foo | RoleA
bar | RoleB
baz | RoleA, RoleB
Users belonging to RoleA will see foo & baz.
I'm looking for a framework that can do this already. The requirements in Data Access control in Java EE technologies are similar to mine and Spring Securit开发者_StackOverflow中文版y was suggested there.
However, I'll like to be able to change access rights through a UI without having to change code and redeploy it. Can Spring Security or some other framework do this?
Yes this is actually one of the main functions of Spring Security.
When a user logs in via Spring Security a UserDetailsService is used to load additional metadata and user permissions. A UserDetailsService is like a DAO and typically used to connect to your DB and load user data in the security context.
You can define your UserDetailsService in your security namespace config.
This will help you on writing one.
I think domain object security describes what I'm trying to do and spring security has an access control list component that does this.
Introduction from the reference docs here.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论