Link to home
Start Free TrialLog in
Avatar of Software Programmer
Software Programmer

asked on

Which one we need to choose on the following options for Spring Security

Need to implement Spring Security for a project.

Option1:

  Structure: User table, Permission table, Module table and PermissionGroup table
  User will have only one permission group.
  Permission table will have read/write/update etc.,
  Module will be product/sales/order
  Permission group table will be product - read/write, sales - read/write/update

Option2:

 Structure: User table, Roles table, Permission table,
 User can have 1 role
 Permission table will have as product_read, product_write, sales_read, sales_write

Comments on Option2:

 We can able to use Spring hasRole() kind of configuration for each method and can associate a role to it.
 Drawback: We cannot have dynamic roles as we can able to do it option1

Comments on Option1:

We can have dynamic groups however we cannot use spring hasRole(). Instead we need to get the manual decisions based on the http request - PUT/GET/POST and check for the permissions configured and decide whether to allow the URL or not in the interceptor.

Drawback:

This may not be a standard practice
What would be the best approach out of this two as well as preferable one?

Thanks.
ASKER CERTIFIED SOLUTION
Avatar of girionis
girionis
Flag of Greece image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Software Programmer
Software Programmer

ASKER

Can u share some code snippet ideas to achieve option 1 ?
Sorry I cannot. The code we have is proprietary.
Please help me with a relevant sample code snippet or any template for reference.
This is a valid answer.