• Status: Solved
  • Priority: High
  • Security: Public
  • Views: 117
  • Last Modified:

Which one we need to choose on the following options for Spring Security

Need to implement Spring Security for a project.

Option1:

  Structure: User table, Permission table, Module table and PermissionGroup table
  User will have only one permission group.
  Permission table will have read/write/update etc.,
  Module will be product/sales/order
  Permission group table will be product - read/write, sales - read/write/update

Option2:

 Structure: User table, Roles table, Permission table,
 User can have 1 role
 Permission table will have as product_read, product_write, sales_read, sales_write

Comments on Option2:

 We can able to use Spring hasRole() kind of configuration for each method and can associate a role to it.
 Drawback: We cannot have dynamic roles as we can able to do it option1

Comments on Option1:

We can have dynamic groups however we cannot use spring hasRole(). Instead we need to get the manual decisions based on the http request - PUT/GET/POST and check for the permissions configured and decide whether to allow the URL or not in the interceptor.

Drawback:

This may not be a standard practice
What would be the best approach out of this two as well as preferable one?

Thanks.
0
Software Programmer
Asked:
Software Programmer
  • 3
  • 2
1 Solution
 
girionisCommented:
If you need dynamic roles then go with option 1, if this is not an issue then I would go with option 2.
0
 
Software ProgrammerAuthor Commented:
Can u share some code snippet ideas to achieve option 1 ?
0
 
girionisCommented:
Sorry I cannot. The code we have is proprietary.
0
 
Software ProgrammerAuthor Commented:
Please help me with a relevant sample code snippet or any template for reference.
0
 
girionisCommented:
This is a valid answer.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now