I want to configure the Authorize Requests values from a database on server startup. Currently I am giving hard-coded values in a Java class file. Is there any way to read the same from a database?
Below is the sample code:
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/resources/**", "/signup", "/about").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")
                .anyRequest().authenticated()
                .and()
            // ...
            .formLogin();
    }
How can I read a URL, e.g. /admin/**, from the database instead of hard-coding the value in class files?
Authorization is the process of allowing an authority to perform actions in the application. We can apply authorization to web requests, to methods, and to access to individual domain objects. The Spring Security framework supports a wide range of authentication models. These models are provided either by third parties or by the framework itself.
hasRole([role]): returns true if the current principal has the specified role.
hasAnyRole([role1,role2]): returns true if the current principal has any of the supplied roles (given as a comma-separated list of strings).
You can use Spring JDBC support. First of all, you need to set up a database. Then you can retrieve the rows and process them appropriately.
You should have a table whose rows have one column filled with values like /admin/** and /db/**. The other column should be filled with role access information. After that, by following the tutorial, you should retrieve these rows. Let's assume you have the following entity class:
    class Matcher {
        public String name;      // URL pattern, e.g. /admin/**
        public String roleInfo;  // role access information for that pattern
    }
Then, you can iterate over the Matcher entities for configuration:
    // Static rules first; matchers holds the Matcher rows read from the database.
    http.authorizeRequests()
        .antMatchers("/resources/**", "/signup", "/about").permitAll();
    for (Matcher matcher : matchers) {
        http.authorizeRequests().antMatchers(matcher.name).access(matcher.roleInfo);
    }
    // The catch-all rule goes last, after every database rule.
    http.authorizeRequests().anyRequest().authenticated()
        .and()
        // ...
        .formLogin();
I had the same problem. In my case, I have several routes assigned to a role. Someone may need it. It should be noted that I took @mtyurt's answer as a reference. The way I solved it was as follows:
    List<Role> roles = roleRepository.findAll();
    for (Role role : roles) {
        // Collect every route assigned to this role.
        List<Page> pages = pageRepository.findPagesPerRole(role.getId());
        List<String> pageslist = new ArrayList<>();
        for (Page page : pages) {
            pageslist.add(page.getUrl());
        }
        String[] authorities = pageslist.toArray(new String[0]);
        http.authorizeRequests().antMatchers(authorities).hasAuthority(role.getAuthority().toString());
    }
I have a table where I keep the routes and another where I keep the roles. I can assign pages to the roles, and a page can be in several roles, so a many-to-many table is generated. From SQL I get the list of routes that are assigned to a role. That's why I do two loops. Then, finally, I assign to http an array of strings and the name of the role.
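A check that fits both answers above, as an added example rather than code from either poster: `access(...)` takes its string as an expression, so whoever can write to the rules table decides who is let in. The code below validates rows before they reach `antMatchers(...).access(...)` and aborts startup on anything unexpected. `RuleValidator`, `Rule` and the two allowlist patterns are assumptions, and records need Java 16 or later.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

// Added example; RuleValidator, Rule and both allowlists are hypothetical names.
public class RuleValidator {
    // Ant pattern: starts with '/', then only path characters and '*' wildcards.
    static final Pattern PATH = Pattern.compile("/[A-Za-z0-9_\\-./*]*");
    // One term: hasRole('X') or hasAuthority('X') with X limited to [A-Z0-9_].
    static final String TERM = "has(Role|Authority)\\('[A-Z0-9_]+'\\)";
    // Whole expression: terms joined by " and " / " or ", nothing else.
    static final Pattern EXPR = Pattern.compile(TERM + "( (and|or) " + TERM + ")*");

    record Rule(String pattern, String expression) {}

    // Returns the rows if every one passes; throws so that startup fails closed.
    static List<Rule> validate(List<Rule> rows) {
        Set<String> seen = new HashSet<>();
        for (Rule r : rows) {
            if (r.pattern() == null || !PATH.matcher(r.pattern()).matches())
                throw new IllegalStateException("bad pattern: " + r.pattern());
            if (r.expression() == null || !EXPR.matcher(r.expression()).matches())
                throw new IllegalStateException("bad expression for " + r.pattern());
            // The first matching rule wins, so a repeated pattern would be dead config.
            if (!seen.add(r.pattern()))
                throw new IllegalStateException("duplicate pattern: " + r.pattern());
        }
        return rows;
    }

    public static void main(String[] args) {
        // Constructed rows standing in for the database query result.
        List<Rule> good = List.of(
            new Rule("/admin/**", "hasRole('ADMIN')"),
            new Rule("/db/**", "hasRole('ADMIN') and hasRole('DBA')"));
        System.out.println(validate(good).size() + " rules accepted");
        try {
            // A row whose expression would open the route to everyone.
            validate(List.of(new Rule("/db/**", "hasRole('DBA') or true")));
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // In configure(HttpSecurity http), for each validated rule r:
        //   http.authorizeRequests().antMatchers(r.pattern()).access(r.expression());
    }
}
```

Because the rows are read once while the configuration is built at startup, a later change to the table takes effect only after a restart.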