User-Role hierarchies in Spring Security
In most of our applications we use the Spring Security Core plugin for authentication, and we define some roles in it. Have you ever thought about assigning precedence to those roles? Say you have 3 roles defined in your application,
i.e. ROLE_SUPER_ADMIN, ROLE_ADMIN, ROLE_ATTENDEE.
You would use these roles like this:
    @Secured(['ROLE_ATTENDEE'])
    def dashBoard() {
        render(view: 'dashBoard')
    }
Above you can see that access to this function is restricted to ROLE_ATTENDEE. If you want the function to be accessible by ADMIN as well, you have to mention that role there too,
i.e.
    @Secured(['ROLE_ATTENDEE', 'ROLE_ADMIN'])
In my project I had the same scenario. Instead of listing comma-separated roles on every action, you can define a role hierarchy in your Config.groovy as shown below:
    grails.plugins.springsecurity.roleHierarchy = '''
        ROLE_SUPER_ADMIN > ROLE_ADMIN
        ROLE_ADMIN > ROLE_ATTENDEE
    '''
Here you can see that I have defined the role hierarchy as a parent-child relationship. So, as in the previous example:
    @Secured(['ROLE_ATTENDEE'])
    def dashBoard() {
        render(view: 'dashBoard')
    }
Now the function above is accessible by all parent roles (ROLE_ADMIN and ROLE_SUPER_ADMIN), with no need to specify each required role. Isn't it cool?
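To review what a hierarchy actually opens up, the following added example (not code from the original post or from the plugin) models the expansion in plain Groovy and lists, for each @Secured role, every granted role that passes the check. The helper names parseHierarchy and reachable are hypothetical, and the model is a simplification of what the plugin does internally.

```groovy
// Added example: simplified model of role-hierarchy expansion, not the plugin's code.
// The hierarchy string is the one from Config.groovy above.
def roleHierarchy = '''
    ROLE_SUPER_ADMIN > ROLE_ADMIN
    ROLE_ADMIN > ROLE_ATTENDEE
'''

// Parse "PARENT > CHILD" rules into a map: parent -> directly implied roles.
// (hypothetical helper)
Map<String, Set<String>> parseHierarchy(String text) {
    Map<String, Set<String>> implied = [:].withDefault { new LinkedHashSet<String>() }
    text.readLines()*.trim().findAll { it }.each { line ->
        def parts = line.split(/\s*>\s*/)
        if (parts.size() != 2) {
            throw new IllegalArgumentException("Malformed rule: ${line}")
        }
        implied[parts[0]] << parts[1]
    }
    implied
}

// Every role a user effectively holds: the granted role plus all roles
// below it, followed transitively. (hypothetical helper)
Set<String> reachable(Map<String, Set<String>> implied, String granted) {
    Set<String> seen = new LinkedHashSet<String>([granted])
    Deque<String> todo = new ArrayDeque<String>([granted])
    while (todo) {
        String role = todo.pop()
        // containsKey avoids creating empty entries through withDefault
        (implied.containsKey(role) ? implied[role] : []).each { child ->
            if (seen.add(child)) todo.push(child)   // 'seen' also stops cycles
        }
    }
    seen
}

def implied = parseHierarchy(roleHierarchy)
def allRoles = ['ROLE_SUPER_ADMIN', 'ROLE_ADMIN', 'ROLE_ATTENDEE']

// For each role used in @Secured, list every granted role that is admitted.
allRoles.each { required ->
    def allowed = allRoles.findAll { required in reachable(implied, it) }
    println "@Secured(['${required}']) admits: ${allowed}"
}
```

The expansion only runs downward: ROLE_SUPER_ADMIN passes a ROLE_ATTENDEE check through ROLE_ADMIN, while ROLE_ATTENDEE never passes a ROLE_ADMIN check.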
Hope it helps.
Thanks & Regards,
Robin Sharma.
robin@intelligrape.com
Really nice writeup many thanks
That's great!!
You saved my day. I was looking for something like for my project.