Which one we need to choose on the following options for Spring Security

Software Programmer
Software Programmer used Ask the Experts™
on
Need to implement Spring Security for a project.

Option1:

  Structure: User table, Permission table, Module table and PermissionGroup table
  User will have only one permission group.
  Permission table will have read/write/update etc.,
  Module will be product/sales/order
  Permission group table will be product - read/write, sales - read/write/update

Option2:

 Structure: User table, Roles table, Permission table,
 User can have 1 role
 Permission table will have as product_read, product_write, sales_read, sales_write

Comments on Option2:

 We can able to use Spring hasRole() kind of configuration for each method and can associate a role to it.
 Drawback: We cannot have dynamic roles as we can able to do it option1

Comments on Option1:

We can have dynamic groups however we cannot use spring hasRole(). Instead we need to get the manual decisions based on the http request - PUT/GET/POST and check for the permissions configured and decide whether to allow the URL or not in the interceptor.

Drawback:

This may not be a standard practice
What would be the best approach out of this two as well as preferable one?

Thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018
Commented:
If you need dynamic roles then go with option 1, if this is not an issue then I would go with option 2.

Author

Commented:
Can u share some code snippet ideas to achieve option 1 ?
Distinguished Expert 2018

Commented:
Sorry I cannot. The code we have is proprietary.

Author

Commented:
Please help me with a relevant sample code snippet or any template for reference.
Distinguished Expert 2018

Commented:
This is a valid answer.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial