Spring Security Permissions

0

I am developing a system for my college CBT. I am creating the authentication part of users. I wonder if anyone has a simple example of setting up Spring Security for users who have more than one permission, that is, a user who can access more than one application's role. Example, user accessing both the financial and HR, without having to create a new login for the user. My DB has the user and role table (which holds the permissions). I think I made myself clear in my question, I just want a simple example or a hint of how to do it and if I should create more than one configure method.

Thanks!

    
asked by anonymous 10.01.2018 / 12:05

1 answer

0

You could add a table of permissions in the database for users with many to one relationship, so a user could have an access permission and another permission, for example.

Code, using Hibernate annotations:

    @ElementCollection(targetClass = String.class)
    @JoinTable(name="usuario_permissao", uniqueConstraints = 
          {@UniqueConstraint(columnNames = {"usuario", "permissao"})},
          joinColumns = @JoinColumn(name = "usuario"))
    @Column(name = "permissao")
    private Set<String> permissao = new HashSet<String>();

Then when you are registering users set the default permissions:

    public void salvar(Usuario usuario){
        Integer codigo = usuario.getUsuario();
        if(codigo == null || codigo == 0){
            // adiciona permissao usuario
            usuario.getPermissao().add("ROLE_USER");
            this.usuarioDAO.salvar(usuario);
        }else{
            this.usuarioDAO.salvar(usuario);
    }
}

And for specific users, add the permissions separately, for example:

            // adiciona permissao adm
            usuario.getPermissao().add("ROLE_ADM");
            // salva...

I hope I have helped

    
10.01.2018 / 22:26