Authority actions in Spring Security

https://stackoverflow.com/questions/22160711

19-10-2022
|

문제

In Spring Security is possible to control actions?

For example: The url /coca-cola everyone has access to it (ROLE_USUARIO, ROLE_EMPRESA).

But will have 1 button to edit or delete any data in the page /coca-cola.

I need this button to be displayed only for the company /coca-cola, other companies who access this page or other users who access it can not see this button. This is possible in Spring Security? Or I have to create a logic to this?

올바른 솔루션이 없습니다

다른 팁

In your page (eg jsp), add the code like below. If the current user has the role 'ROLE_ESTABELECIMENTO', then that block of code would become visible where you can put your button to display it. Else it would be hidden. Is this what you need ?

        <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>


        <security:authorize access="hasRole('ROLE_ESTABELECIMENTO')">
            Code to display your button
        </security:authorize>

You might need to add the library 'spring-security-taglibs', if you use maven as below

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>3.1.4.RELEASE</version>
        </dependency>

라이센스 : CC-BY-SA ~와 함께 속성

제휴하지 않습니다 StackOverflow