Let's say I have a screen named ITEM that performs different actions:
Save, Update, and Delete.
I have given a user ADMIN a role of ADMIN, and the ADMIN role can only perform SAVE and UPDATE operations on this screen. How can I customize this using Spring Security?
Method-level security checks only on roles but not one step further, but that must be possible with Spring Security.
1) The very first thing you can do is hide / disable the option URLs depending on role, so a user with a role other than ADMIN can't see / click on SAVE and UPDATE.
2) Instead of writing method-level code, use interceptors: intercept every request and check the ROLE.
Check this question for more details.
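
A sketch of the interceptor approach from point 2, added here as an example and not taken from the answer above. It assumes Spring 6 (the `jakarta.servlet` namespace), an authority named `ROLE_ADMIN`, ITEM endpoints under `/item/**`, and an HTTP-method-to-operation mapping (including a `VIEW` operation for reads); all of those names are hypothetical. Anything not explicitly granted, DELETE included, is refused on the server regardless of what the UI hides.

```java
import java.util.Map;
import java.util.Set;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

public class ItemOperationInterceptor implements HandlerInterceptor {

    // Assumed policy: role -> operations permitted on the ITEM screen.
    private static final Map<String, Set<String>> ALLOWED =
            Map.of("ROLE_ADMIN", Set.of("VIEW", "SAVE", "UPDATE"));

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        // Assumed mapping of HTTP methods to screen operations.
        String operation = switch (request.getMethod()) {
            case "GET", "HEAD" -> "VIEW";
            case "POST" -> "SAVE";
            case "PUT" -> "UPDATE";
            case "DELETE" -> "DELETE";
            default -> "UNMAPPED"; // never granted to any role, so denied
        };
        // The Spring Security filter chain has already populated the context.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        boolean permitted = auth != null && auth.isAuthenticated()
                && auth.getAuthorities().stream()
                       .map(GrantedAuthority::getAuthority)
                       .anyMatch(role -> ALLOWED.getOrDefault(role, Set.of()).contains(operation));
        if (!permitted) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN); // 403, handler not invoked
            return false;
        }
        return true;
    }
}

// Applies the check to every request for the ITEM screen (path is an assumption).
@Configuration
class ItemWebConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new ItemOperationInterceptor()).addPathPatterns("/item/**");
    }
}
```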