Menu
I'm migrating a WEB-application to Spring Security. Application uses Spring MVC for rendering JSPs, and controller methods are annotated with @Secured(...).
So, at some point after successful login and MVC servlet initialization some Spring internals have this information: what permissions the user has (aka granted authorities), controller URLs and permission set, required for each one of those.
What I want is to dynamically get a list of URLs accessible for the current user to generate a navbar.
Of course, I can override some Spring beans for that, but this approach seems too dirty. So, any suggestions on how to do that, maybe standard solutions?
664
hasRole. Determines if the getAuthentication() has a particular authority within Authentication. getAuthorities() . This is similar to hasAuthority(String) except that this method implies that the String passed in is a role.
anyRequest(). authenticated() is that any request must be authenticated otherwise my Spring app will return a 401 response.
Description. hasRole([role]) Returns true if the current principal has the specified role. hasAnyRole([role1,role2]) Returns true if the current principal has any of the supplied roles (given as a comma-separated list of strings)
You can try using spring security tag lib in the jsp, iterating over the list of controllers URLs
<sec:authorize url="/admin">
This content will only be visible to users who are authorized to send requests to the "/admin" URL.
</sec:authorize>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
