troubleshooting Question

Which one we need to choose on the following options for Spring Security

Avatar of Software Programmer
Software Programmer asked on
JavaProgrammingProgramming Languages-OtherProgramming Theory
5 Comments1 Solution458 ViewsLast Modified:
Need to implement Spring Security for a project.

Option1:

  Structure: User table, Permission table, Module table and PermissionGroup table
  User will have only one permission group.
  Permission table will have read/write/update etc.,
  Module will be product/sales/order
  Permission group table will be product - read/write, sales - read/write/update

Option2:

 Structure: User table, Roles table, Permission table,
 User can have 1 role
 Permission table will have as product_read, product_write, sales_read, sales_write

Comments on Option2:

 We can able to use Spring hasRole() kind of configuration for each method and can associate a role to it.
 Drawback: We cannot have dynamic roles as we can able to do it option1

Comments on Option1:

We can have dynamic groups however we cannot use spring hasRole(). Instead we need to get the manual decisions based on the http request - PUT/GET/POST and check for the permissions configured and decide whether to allow the URL or not in the interceptor.

Drawback:

This may not be a standard practice
What would be the best approach out of this two as well as preferable one?

Thanks.
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros