弹簧引导弹簧安全angularjs

Question

I'm a newbie to the spring world. I need to create a spring boot - angularjs application with some CRUD operations.

The clients need LDAP and local JDBC authentication mechanisms.

They need an authorization mechanism which is common for both sets of users.

The users should be restricted from some pages based on their roles. And separate permissions(Create, Update, Delete) sets needed to be applied to each user

And the roles should be created by the Admin user.

so how can I implement the page-wise authorization which would be decided by the admin that who (which role) can access which page?

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/", "/home").permitAll().antMatchers("/admin").hasRole("ADMIN")
                .anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll().and().logout()
                .permitAll();
        http.exceptionHandling().accessDeniedPage("/403");
    }

should I specify each role-page combination in the config? Is there any way to dynamically change pages and roles, as the roles may get added later.

Answer 1

You can use spring mvc and Secured annotation

@Controller
public class MainController extends BaseController  {

    @Secured("ROLE_ADMIN")
    @RequestMapping("/")
    String home(Model model) {
        return "home";
    }

}

home page will be /resources/templates/home.ftl or jsp as you preferred. If User is not admin then it will redirect to error page.

If you want you can check permissions manually and send redirect to another page.

PS : You need to add @EnableGlobalMethodSecurity(securedEnabled = true) to Spring boot Configuration class in order to Secured annotation work.

@EnableAutoConfiguration
@ComponentScan
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class Application {

   public static void main(String[] args) throws Exception {
       SpringApplication.run(Application.class, args);
   }

}