{"id":7308,"date":"2012-09-06T16:53:44","date_gmt":"2012-09-06T11:23:44","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=7308"},"modified":"2012-09-06T16:53:44","modified_gmt":"2012-09-06T11:23:44","slug":"user-role-hierarchies-in-spring-security","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/user-role-hierarchies-in-spring-security\/","title":{"rendered":"User-Role hierarchies in spring security"},"content":{"rendered":"

In most of our applications we are using spring security core plugin for the authentication process. We define some roles in that . Have your ever thought about assigning precedence to the roles. Like, You are having 3 roles defined in your application.<\/p>\n

\n

i.e. ROLE_SUPER_ADMIN, ROLE_ADMIN ,ROLE_ATTENDEE.<\/p>\n

\n

While using these roles i.e<\/p>\n

[java]
\n @Secured([‘ROLE_ATTENDEE’])
\n def dashBoard(){
\n render(view: ‘dashBoard’)
\n }<\/p>\n

[\/java]<\/p>\n

\n

Here above you can see that you are restricting the access to this function , if you want that this function should be accessible by ADMIN also , you will mention that role over there.<\/p>\n

\n

i.e.
\n[java]
\n @Secured([‘ROLE_ATTENDEE’,’ROLE_ADMIN’])
\n[\/java]<\/p>\n

\n

In my project i was having same scenario , So instead of defining list of comma separated roles. You would define a role hierarchy in your config.groovy<\/b> as mentioned below :-<\/p>\n

\n

[java]
\ngrails.plugins.springsecurity.roleHierarchy = ”’
\n ROLE_SUPER_ADMIN > ROLE_ADMIN
\n ROLE_ADMIN > ROLE_ATTENDEE
\n”’
\n[\/java] <\/p>\n

\n

Here you can see , I have defined a role hierarchy like parent child relationship. So, Like in previous example <\/p>\n

\n

[java]
\n @Secured([‘ROLE_ATTENDEE’])
\n def dashBoard(){
\n render(view: ‘dashBoard’)
\n }<\/p>\n

[\/java] <\/p>\n

\n

Now above written function would be acessible by all parent roles . No need to specify all the required roles. Isn’t it cool.<\/p>\n

Hope it helps. \ud83d\ude42<\/p>\n

\n

Thanks & Regards,
\nRobin Sharma.
\nrobin@intelligrape.com<\/p>\n","protected":false},"excerpt":{"rendered":"

In most of our applications we are using spring security core plugin for the authentication process. We define some roles in that . Have your ever thought about assigning precedence to the roles. Like, You are having 3 roles defined in your application. i.e. ROLE_SUPER_ADMIN, ROLE_ADMIN ,ROLE_ATTENDEE. While using these roles i.e [java] @Secured([‘ROLE_ATTENDEE’]) def […]<\/p>\n","protected":false},"author":54,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":16},"categories":[7],"tags":[4840,672],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/7308"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/54"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=7308"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/7308\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=7308"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=7308"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=7308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}