Currently i am using spring security where i have admin login and employee login. The thing is when i am logged in as a employee, i want to hide a button which redirects to admin homepage. Can i somehow make it hidden or unclickable when logged in as a employee? Furthermore there it is also in showCustomer.html where the admin can delete and edit a booking. To sum up; Can i hide html elements when i am logged in as a employee?
code:
protected void configure (HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable();
httpSecurity.authorizeRequests()
.antMatchers("/admin", "/opretBooking", "/showCustomer", "/editCustomer", "/sletBooking", "/medarbejder").hasRole("ADMIN")
.antMatchers("/user", "/showCustomer", "/medarbejder").hasRole("USER")
.antMatchers("/**").permitAll()
.and().formLogin().loginPage("/login").and().logout().permitAll();
If you are using JSP, you can wrap the html in a spring security tag like
<sec:authorize access="isAuthenticated()">
<!-- Content for Authenticated users -->
</sec:authorize>
or Thymleaf
<div sec:authorize="hasRole('ADMIN')">
This content is only shown to administrators.
</div>
If you're using Angular, you can store a boolean value in a cookie that signifies that the user is logged in. Then you would created a directive that hides the html element based on with that the user is logged in or not.
You can use in Html using JSTL
<sec:authorize access="isAnonymous()">
<c:redirect url="/login"/>
</sec:authorize>
<sec:authorize access="hasAnyAuthority('ADMIN')">
<button class="btn btn-info" type="submit">Submit</button>
</sec:authorize>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.