Imagine that users can have one or more roles in the system. After
login the user has to choose one of these roles. At this point only
this selected role should be checked by Spring Security.
E.g. user has ROLE_A, ROLE_B
requestmaps:
/book/** -> ROLE_A, ROLE_B
/author/** -> ROLE_A
The normal behaviour would be that the user can access all defined
actions. In my special case the user would select ROLE_A and then get
access only for /author/** actions. In other words, is it possible to
define one active role in the security context, so that Spring
Security would perform security checks based on this single role?
While I would suggest avoiding this approach, from an end user perspective, I understand sometimes there are requirements out of your control. So with that said, note that the Person object you’ve defined for Spring Security to use should contain the following:
If you define a property somewhere that specifies your selected Role, just modify the above method to only return that role.
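One way to do what the answer describes, as an added example that is not the answerer's code: a hypothetical `Person` class in plain Java using Spring Security types, where `grantedRoles`, `selectedRole`, `selectRole` and `activate` are assumed names. It checks the chosen role against the roles the user actually holds before exposing it as the only authority.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.Set;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical user class; every name except getAuthorities() is an assumption.
public class Person {
    private final String username;
    private final Set<String> grantedRoles; // all roles assigned to the user, e.g. ROLE_A, ROLE_B
    private String selectedRole;            // role chosen after login; null until chosen

    public Person(String username, Set<String> grantedRoles) {
        this.username = username;
        this.grantedRoles = Set.copyOf(grantedRoles);
    }

    // Accept only a role the user holds, so a tampered request parameter
    // cannot activate a role that was never granted.
    public void selectRole(String role) {
        if (!grantedRoles.contains(role)) {
            throw new IllegalArgumentException("role not granted to " + username);
        }
        this.selectedRole = role;
    }

    // Spring Security sees only the active role; no selection means no authorities.
    public Collection<? extends GrantedAuthority> getAuthorities() {
        if (selectedRole == null) {
            return Collections.emptySet();
        }
        return Set.of(new SimpleGrantedAuthority(selectedRole));
    }

    // Authorities are copied into the Authentication when it is created, so
    // after a role change the token in the security context is rebuilt.
    public void activate(String role) {
        selectRole(role);
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        Authentication updated = new UsernamePasswordAuthenticationToken(
                current.getPrincipal(), current.getCredentials(), getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(updated);
    }
}
```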