gvNix: How to restrict access based on roles
Question
I'm developing an application using gvNix . I used typicalsecurity addon to secure my application. What I need now is to allow the user to update only their profile. ie the user can see a profile tab on the nav bar menu, and when clicking on it, a form should be displayed containing only their data.
I tried adding the following to my code, but it restricts the access even to the admin.
@RooWebScaffold(path = "users", formBackingObject = User.class, delete=false, create=false);
The xml here removes the menu tab or part of its sub items, so it doesn't show an option to edit the profile
...
xmlns:sec="http://www.springframework.org/security/tags"
...
<sec:authorize ifAllGranted="ROLE_ADMIN">...</sec:authorize>
1 answers
solution1
0 2015-12-26 15:47:20
Usually all the users should update their profiles, so the link should be visible for all users.
Then modify the controller method that handles that request to get the user principal for the requester, this is the way to load the profile of the loged user.
To get the principal of the user read the Spring Security docs.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.