每个实体的 Spring Boot 安全角色 [英] Spring boot security roles per entity
问题描述
我的应用程序目前有两种类型的用户:管理员或普通用户.
My application has currently two types of users: Admin or Normal user.
应用程序有多个项目:100 个或更多.每个项目用户都有不同的角色,如项目所有者、客户等...
The application has several projects: 100 or more. Per project the user has a different role like project owner, client, etc...
我现在正在寻找放置这些子角色的最佳方法.因为在我的服务中,我想使用 PreAuthorise("hasRole('OWNER')") 以便只有合适的人才能执行更新或其他任何事情.
I'm now figuring out the best way to put those subroles in place.
Because in my services I want to use PreAuthorise("hasRole('OWNER')") so that only the right people can execute an update or whatever.
我现在尝试的是在我通过 Spring Security 登录时为每个项目提供一个使用角色(项目所有者、客户等...)处理它的用户列表,我检索用户并获取所有项目他是其中的一部分,然后我添加如下角色 ROLE_PROJECTNAME_OWNER 或 ROLE_PROJECTNAME_CLIENT.
What I was trying now was giving every project a list of users that are working on it with a roles (project owner, client, etc...) when I login via Spring Security I retrieve the user and fetch all the projects where he is part of and then I add roles as follows ROLE_PROJECTNAME_OWNER or ROLE_PROJECTNAME_CLIENT.
问题是我不能使用HASROLE,因为有很多项目,所以我不能提前注释有哪些项目允许在我的服务层中调用方法.我也不能只添加 OWNER 因为那样我不知道在哪个项目中.所以我有点被困在这里如何正确地做到这一点.
The thing is that I can't use the HASROLE because there are a lot of projects so I can't annotate in advance which projects there are to allow a method call in my service layer. I also can't just add OWNER because then I don't know in which project. So I'm a little bit stuck here how to do this properly.
推荐答案
定义您自己的服务以管理用户/项目/角色的访问权限,并直接在您的 @PreAUthorize 上调用此服务.
Define your own service to manage access with user/project/role and call this service directly on your @PreAUthorize.
这篇关于每个实体的 Spring Boot 安全角色的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
