Announcement Announcement Module
No announcement yet.
Object-Specific GrantedAuthority Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Object-Specific GrantedAuthority

    I understand that in Spring a GrantedAuthority is application-wide. But let suppose I wanted a user to only have access to say item#54. So I might have a UsersItems table to link multiple users to multiple items. The Spring Security reference documentation says, "Of course, Spring Security is expressly designed to handle this common requirement, but you'd instead use the project's domain object security capabilities for this purpose." Are there any good examples showing how this is done? It sounds like I would forgo the roles system that spring security uses? I'm somewhat confused on how Spring security is designed for this. Thanks for any insight you can give me on this or anything you suggest I should do to get started.

  • #2
    Have you looked at the Contacts samples application?


    • #3
      As Rob says, this is something that you would typically handle using the Spring Security ACL module. The ACL module ties into the overall role (aka GrantedAuthority) model used by the rest of Spring Security, so it should "feel" logical to you once you're able to wrap your head around it. As Rob suggests, the Contacts sample application illustrates some aspects of how to use it.


      • #4
        Rob and Peter, thanks very much for your help. I have reviewed the sample contact example and ACL, and it is exactly what I was looking for.