I am applying Spring Security to my JSP page. I need to show different parts of the page to users with different roles. The roles are as follows:
All authenticated users > Edit and Add New
Admin > Delete, Edit and Add New
Anonymous > Add New
    <sec:authorize access="isAuthenticated()">
        Code of add new and edit buttons
    </sec:authorize>
    <sec:authorize access="hasAnyRole('ADMIN')">
        Code to add new, edit and delete buttons
    </sec:authorize>
    <sec:authorize access="isAnonymous()">
        Code to add new
    </sec:authorize>
I am wondering if there is an easier method. In this case, if I want to modify the access of a specific role, I have to change its access rules in the security.xml file and in every page where I have set the role access.
For example, let's say I want to stop the Admin role from accessing the delete button. Then I have to change the code of security.xml and all the JSP pages where the Admin role was authorized to view the delete button.
Is there any easier method to do it?
That’s why it is essential to simplify the user access review process as much as possible, and the only way to do that is through automation. The first step is a reporting tool that gives you an overview of current permissions across all systems.
tenfold’s approach to reviewing user access rights eliminates all of these threats. In tenfold, standard permissions are assigned through role-based access control, meaning that they are automatically adjusted when a user is moved to a different role, such as a new department or position.
In order to access Windows Admin Center, the user's Windows account must also have access to gateway server (even if Azure AD authentication is used). When you use Azure AD, you'll manage Windows Admin Center user and administrator access permissions from the Azure Portal, rather than from within the Windows Admin Center UI.
Once you add one or more security groups to the users list, access is restricted to the members of those groups. If you don't use an Active Directory domain in your environment, access is controlled by the Users and Administrators local groups on the Windows Admin Center gateway machine.
One solution is to use a set of rights, which can be contained in the role object as a collection.
After this implementation you can check the right (permission) when showing buttons, and if you want to change anything in your security architecture, you can easily manage this by granting or revoking rights from the related role.
An example of this can be seen in the link below.
http://en.tekstenuitleg.net/blog/spring-security-with-roles-and-rights
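The rights-per-role idea from the answer above, as an added example that is not part of the original answer or the linked post. The class name RoleRights, the right names ITEM_ADD / ITEM_EDIT / ITEM_DELETE and the role-to-rights table are assumptions; only GrantedAuthority, SimpleGrantedAuthority and the hasAuthority() expression are Spring Security's own.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/** Hypothetical helper: expands role names into fine-grained rights. */
public final class RoleRights {

    // The only place where "which role may do what" is defined.
    // Constructed sample data; an application would normally load it from
    // its role/right tables. "Add New" is open to everyone in the question,
    // so the page needs no check for it at all.
    private static final Map<String, Set<String>> RIGHTS_BY_ROLE = Map.of(
        "USER",  Set.of("ITEM_ADD", "ITEM_EDIT"),
        "ADMIN", Set.of("ITEM_ADD", "ITEM_EDIT", "ITEM_DELETE"));

    private RoleRights() {}

    /** Authorities to attach to the principal at login: one per right. */
    public static Collection<GrantedAuthority> authoritiesFor(Collection<String> roles) {
        Set<String> rights = new TreeSet<>();
        for (String role : roles) {
            // A role missing from the table grants nothing (fail closed).
            rights.addAll(RIGHTS_BY_ROLE.getOrDefault(role, Set.of()));
        }
        List<GrantedAuthority> authorities = new ArrayList<>();
        for (String right : rights) {
            authorities.add(new SimpleGrantedAuthority(right));
        }
        return authorities;
    }

    public static void main(String[] args) {
        // Revoking ITEM_DELETE from ADMIN is a one-line change in the table;
        // no JSP page has to be edited.
        System.out.println(authoritiesFor(List.of("ADMIN")));
    }
}

// The JSP pages then test the right, never the role:
//   <sec:authorize access="hasAuthority('ITEM_EDIT')">   edit button   </sec:authorize>
//   <sec:authorize access="hasAuthority('ITEM_DELETE')"> delete button </sec:authorize>
```

The same right names should also guard the delete and edit URLs or service methods, because hiding a button in the JSP does not stop a request sent directly to the server.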