Announcement Announcement Module
No announcement yet.
Map of GrantedAuthorities Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Map of GrantedAuthorities


    i'm trying to use Spring Security in our application but have a bit of a special requirement. When i log-in at the application i don't know for which department and i also don't want to know as there might be employees which work in multiple departments. When loading the GrantedAuthorities i'd like to load a map of GrantedAuthorities which should have the departmentId as the key and a list of GrantedAuthorities (for this department of course).
    The reason is that the emp might have different permissions in different departments and some permissions are company wide (i.e. read access to employees) and some are specific to the department (i.e. delete an employee if the logged in user is the head of the department, but only for this department).
    So for example the head of department A should be able to see all employees of the company but certain attributes (benefits, salary,...) only for his department, same principal for actions.
    I found ACL's as it seems to fit my needs in regard to 'crud' access but not really the map of granted authorities problem or did i miss something yet.
    I also found the MapBasedAttributes2GrantedAuthoritiesMapper but couldn't find anything on how to use it or where it's already used by Spring Sec.

    Any hints how to solve this would be greatly appreciated.