How to limit a user to only accessing their own data? [closed]

1

I'm developing a task list application for study; however, all users access all tasks.

I wonder if anyone has implemented something like Spring Security and how they did it.

    
asked by anonymous 07.03.2018 / 15:34

3 answers

0

You can do all the work manually by adding an "AND usuario_id = :id_usuario_autenticado" clause, as stated in one of the answers.

Another strategy is to use multi-tenancy, which is basically a way to isolate user data in separate tables or instances. Spring supports this in some ways. I've personally never used it, but here are some examples, tutorials and explanations:

link

link

link

    
07.03.2018 / 15:53
0

You would not necessarily need to use some security feature for this.

In a simpler way, imagining that you have an authentication process in your application, after authenticating and identifying the user who accessed the application, that user's information can be retrieved through some ID (user code or ID in the database) associated with these records, in the following way:

... FROM Tarefas t WHERE t.usuario_id = :id_usuario_autenticado

My suggestion is that you already have some way to differentiate users (ID) and, judging by your question, you are retrieving information from the database without considering this difference.

    
07.03.2018 / 15:42
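The ownership filter from the two answers above, as an added example that is not part of the original thread: it uses Python's built-in sqlite3 instead of Spring so that it runs stand-alone, with the same :id_usuario_autenticado named parameter. The column layout, sample rows and function names are assumptions, and it goes beyond the list query by applying the same filter to lookups and updates by task id.

```python
import sqlite3

def open_db():
    """In-memory database with constructed sample rows (not from the thread)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Tarefas (id INTEGER PRIMARY KEY, "
               "usuario_id INTEGER NOT NULL, titulo TEXT NOT NULL)")
    # Tasks 1 and 2 belong to user 10, task 3 belongs to user 20.
    db.executemany("INSERT INTO Tarefas VALUES (?, ?, ?)",
                   [(1, 10, "buy milk"), (2, 10, "pay rent"), (3, 20, "call bank")])
    return db

# In every function, id_usuario_autenticado must come from the server-side
# session or security context, never from a request parameter.

def list_tasks(db, id_usuario_autenticado):
    """List only the rows owned by the authenticated user."""
    sql = ("SELECT id, titulo FROM Tarefas t "
           "WHERE t.usuario_id = :id_usuario_autenticado ORDER BY t.id")
    return db.execute(sql, {"id_usuario_autenticado": id_usuario_autenticado}).fetchall()

def get_task(db, id_usuario_autenticado, task_id):
    """Fetch one task by id. The owner predicate is repeated here: filtering
    only the list view would leave single-row lookups open to every user."""
    sql = ("SELECT id, titulo FROM Tarefas t "
           "WHERE t.id = :task_id AND t.usuario_id = :id_usuario_autenticado")
    params = {"task_id": task_id, "id_usuario_autenticado": id_usuario_autenticado}
    return db.execute(sql, params).fetchone()  # None: answer with "not found"

def update_title(db, id_usuario_autenticado, task_id, titulo):
    """Update a task only if the authenticated user owns it."""
    sql = ("UPDATE Tarefas SET titulo = :titulo "
           "WHERE id = :task_id AND usuario_id = :id_usuario_autenticado")
    params = {"titulo": titulo, "task_id": task_id,
              "id_usuario_autenticado": id_usuario_autenticado}
    cur = db.execute(sql, params)
    db.commit()
    return cur.rowcount == 1  # False: no such task for this user

if __name__ == "__main__":
    db = open_db()
    print(list_tasks(db, 10))           # user 10 sees only their own tasks
    print(get_task(db, 10, 3))          # task 3 belongs to user 20
    print(update_title(db, 10, 3, "x")) # write is refused the same way
```

Returning the same "not found" result for a missing task and for a task owned by someone else avoids confirming which task ids exist.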
0

You can limit the display of some content on the page using Thymeleaf's Spring Security Dialect.

Limiting content using roles:

<div sec:authorize="hasRole('ROLE_ADMIN')">This content is only shown to administrators.</div>

link

    
07.03.2018 / 16:56