Originally Posted by
PaoloValladolid
I have a similar question. The app I'm working on is required to load the user roles from a database table. Unfortunately, this table is not named "Authorities", nor does it have a column named "authority". Also, there are 4 user roles, while Spring Security seems to "expect" 3 roles (aka "authorities).
The solution I leaning towards is assigning Spring Security ROLE_ADMIN to all users who have successfully logged on, querying the database on the username for the "real" roles, and using the real roles to determine what to display and not to display.
I met my needs more easily than anticipated. All I had to do was this:
Excerpt of custom UserDetailsServiceImpl class (class AppUser is an @Entity with a @OneToMany relationship to UserRole, which is also an @Entity mapped to the USER_ROLE table):
Code:
Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for (UserRole role : myAppUser.getRoles()) {
authorities.add(new GrantedAuthorityImpl(role.getRole().getDescription()));
// Roles include Administrator, Senior Read-Write, etc.
}
In the jspx:
Code:
<security:authorize ifAnyGranted="Senior Read-Write,Read-Write,Administrator">
<li><a href="${home_url}">Home</a></li>
<li><a href="${item1_url}">Item 1</a></li>
<li><a href="${item2_url}">Item 2</a></li>
<security:authorize ifAllGranted="Administrator">
<li><font color="white"><b>Administration</b></font>
<ul>
<li><a href="${query_users_url}">User Maintenance</a></li>
<li><a href="${vocab_Maint_url}">Vocabulary Maintenance</a></li>
</ul>
</li>
</security:authorize>
<li><a href="${change_password_url}">Change My Password</a></li>
<li><a href="${help_url}" target="help">Help</a></li>
<li><a href="${logout_url}">Logout</a></li>
</security:authorize>
Dynamic role names and dynamic URLs
ass
