Spring Security Permission Based Framework

Published 2014-04-28 at https://www.tothenew.com/blog/spring-security-permission-based-framework/

In my recent project, I wanted to implement a permission-based framework with the Spring Security Grails plugin.

What does "permission-based framework" mean?

We can create a ROLE at run time based on the permissions given to the user. Most of the time we use Spring Security in a way where the roles used by the app are pre-defined in code. With permissions, we can define a role at run time and assign permissions to it as required.

Let's take an example. Suppose we have a controller named PersonController, where each action is secured by the authority that corresponds to one permission:

```groovy
// Spring Security Core plugin 2.x package; in plugin 1.x the annotation lives in
// grails.plugins.springsecurity.Secured
import grails.plugin.springsecurity.annotation.Secured

class PersonController {

    @Secured('ROLE_PERMISSION_PERSON_CREATE')
    def create() { ... }

    @Secured('ROLE_PERMISSION_PERSON_EDIT')
    def edit() { ... }

    @Secured('ROLE_PERMISSION_PERSON_SHOW')
    def show() { ... }

    @Secured('ROLE_PERMISSION_PERSON_DELETE')
    def delete() { ... }
}
```

In this example we have defined four actions, and we want to create two roles:

- Edit Person: this role has the permissions edit, create, delete and show.
- Show Person: this role has the show permission only.

So we have to define a separate permission for each action, or you can assign the same permission to several actions, in the same way we normally define roles in our projects.

After that, we add a new domain class named Permission and define a many-to-many relationship between it and the Role domain.

Role.groovy

```groovy
class Role implements Serializable {

    String authority
    Date dateCreated
    Date lastUpdated

    // A role owns a set of permissions; Grails maps this through a role_permission join table
    static hasMany = [permissions: Permission]

    static mapping = {
        cache true
    }

    static constraints = {
        authority blank: false, unique: true
    }
}
```

Permission.groovy

```groovy
class Permission implements Serializable {

    String name

    static constraints = {
        // The name is turned into an authority string later, so keep it non-blank and unique
        name blank: false, unique: true
    }
}
```

In BootStrap.groovy you can bootstrap roles and permissions. First save the permissions named after the actions secured by the @Secured annotations above, then assign permissions to each role as your requirements dictate. See the snippet below:

```groovy
class BootStrap {

    def init = { servletContext ->
        // Permission names are prefixed with ROLE_PERMISSION_ when authorities are built,
        // so 'PERSON_CREATE' becomes ROLE_PERMISSION_PERSON_CREATE, which is what the
        // controller's @Secured annotations check for
        Permission createPermission = new Permission(name: 'PERSON_CREATE')
        createPermission.save()

        Permission editPermission = new Permission(name: 'PERSON_EDIT')
        editPermission.save()

        Permission deletePermission = new Permission(name: 'PERSON_DELETE')
        deletePermission.save()

        Permission showPermission = new Permission(name: 'PERSON_SHOW')
        showPermission.save()

        // "Edit Person" gets every permission on the controller
        Role editRole = new Role(authority: 'ROLE_EDIT_PERSON',
                                 permissions: [createPermission, deletePermission, showPermission, editPermission])
        editRole.save()

        // "Show Person" can only view
        Role showRole = new Role(authority: 'ROLE_SHOW_PERSON', permissions: [showPermission])
        showRole.save()
    }
}
```

You can create as many roles as you like at run time and assign permissions to each of them.

You then have to create a class CustomAuthority in the src/groovy folder that implements the GrantedAuthority interface:

```groovy
import org.springframework.security.core.GrantedAuthority

class CustomAuthority implements GrantedAuthority {

    private final String authority

    CustomAuthority(String authority) {
        this.authority = authority
    }

    @Override
    String getAuthority() {
        return authority
    }

    // equals/hashCode are based on the authority string so that the same permission
    // reached through two roles collapses to one entry in the authority Set
    @Override
    int hashCode() {
        return authority.hashCode()
    }

    @Override
    boolean equals(Object obj) {
        if (obj == null) return false
        if (!(obj instanceof CustomAuthority)) return false
        return ((CustomAuthority) obj).getAuthority().equals(authority)
    }
}
```

Now you have to override the getAuthorities() method of User.groovy so that the authorities granted to a user are derived from the permissions of each of the user's roles:

```groovy
import org.springframework.security.core.GrantedAuthority

Set<GrantedAuthority> getAuthorities() {
    Set<Role> roles = UserRole.findAllByUser(this).collect { it.role } as Set
    Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>()
    roles.each { role ->
        role?.permissions?.each { permission ->
            // Each permission becomes one authority of the form ROLE_PERMISSION_<name>
            authorities.add(new CustomAuthority("ROLE_PERMISSION_" + permission.name))
        }
    }
    return authorities
}
```

In this method we collect the permissions of each of the user's roles and turn them into the user's authority set. The plugin's user details service reads the authority string of each element returned by getAuthorities(), which is why CustomAuthority exposes getAuthority(). The ROLE_ prefix matters: Spring Security's RoleVoter only votes on attributes that start with ROLE_, so a permission-derived authority without the prefix would never satisfy a @Secured annotation. Note also that with this override the role's own authority (for example ROLE_EDIT_PERSON) is no longer granted to the user, only the permission-derived ones, so any @Secured annotation or static rule that names a role authority directly will deny access. Authorities are loaded when the user authenticates, so a permission added to or removed from a role takes effect for already logged-in users only once they authenticate again.

Now your permission-based framework is configured.

This is a very powerful way to customize roles in Spring Security: you don't need to change code when creating a role, because roles are composed from permissions at run time.

Hope this blog gives you an idea of how to integrate Spring Security with permissions.