I understand that in Spring a GrantedAuthority is application-wide. But let suppose I wanted a user to only have access to say item#54. So I might have a UsersItems table to link multiple users to multiple items. The Spring Security reference documentation says, "Of course, Spring Security is expressly designed to handle this common requirement, but you'd instead use the project's domain object security capabilities for this purpose." Are there any good examples showing how this is done? It sounds like I would forgo the roles system that spring security uses? I'm somewhat confused on how Spring security is designed for this. Thanks for any insight you can give me on this or anything you suggest I should do to get started.
Object-Specific GrantedAuthority Page Title Module
Move Remove Collapse
This topic is closed