Authority actions in Spring Security

https://stackoverflow.com/questions/22160711

19-10-2022
|

Question

In Spring Security is possible to control actions?

For example: The url /coca-cola everyone has access to it (ROLE_USUARIO, ROLE_EMPRESA).

But will have 1 button to edit or delete any data in the page /coca-cola.

I need this button to be displayed only for the company /coca-cola, other companies who access this page or other users who access it can not see this button. This is possible in Spring Security? Or I have to create a logic to this?

No correct solution

OTHER TIPS

In your page (eg jsp), add the code like below. If the current user has the role 'ROLE_ESTABELECIMENTO', then that block of code would become visible where you can put your button to display it. Else it would be hidden. Is this what you need ?

        <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>


        <security:authorize access="hasRole('ROLE_ESTABELECIMENTO')">
            Code to display your button
        </security:authorize>

You might need to add the library 'spring-security-taglibs', if you use maven as below

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>3.1.4.RELEASE</version>
        </dependency>

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow