I am new to Spring Security. Can Spring Security validate the relationship between users?
For example:
I have two user types. One is teacher, the other is student. I want to validate whether this student has a relationship with the special teacher. Then the student can do some operations with this special teacher.
Can Spring Security achieve this goal? Please provide me some reference, keyword, or link, then I can do more study.
Thx
Security issues can be categorised as authentication or authorization issues. Your issue is an authorization issue. But it is not a static authorization problem, since it is not caused by the configuration of rights and roles of the user; it is a dynamic one, since it has to do with the student being related to a teacher in order to be authorised to execute some specific action. What you need is to inject Spring Security with business checks that provide a positive flag each time this relation is satisfied.
If I understood your problem well, perhaps you might need to read and understand about the AccessDecisionManager class from Spring Security.
At its core, this doesn't sound like a Spring Security issue - it's data related. If this is a relationship that is stored in your DB, and you are using an ORM, then there should be a OneToMany relationship between the Teacher and the Student (and ManyToOne conversely).
If you want to track some additional information about a logged-in user (say, their primary Teacher) in the Spring Security context, then you need to implement the UserDetailsService and extend the Spring Security User object with your additional data.
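The dynamic relationship check the answers above describe, as an added example that is not part of the original thread: a business check exposed as a bean and called from a `@PreAuthorize` expression. The names `EnrollmentRepository`, `RelationshipGuard`, `MessageService` and the `ROLE_STUDENT` authority are hypothetical and assumed for illustration.

```java
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;

// Hypothetical lookup of the teacher/student relationship. In a real
// application this would query the OneToMany association stored in the DB.
interface EnrollmentRepository {
    boolean existsByStudentUsernameAndTeacherId(String studentUsername, long teacherId);
}

// The business check, registered as a bean so security expressions can call it.
@Component("relationshipGuard")
class RelationshipGuard {
    private final EnrollmentRepository enrollments;

    RelationshipGuard(EnrollmentRepository enrollments) {
        this.enrollments = enrollments;
    }

    // Deny by default: no authentication, no student role, or no stored
    // relationship with this teacher all result in "false".
    public boolean isStudentOf(Authentication auth, long teacherId) {
        if (auth == null || !auth.isAuthenticated()) {
            return false;
        }
        boolean isStudent = auth.getAuthorities().stream()
                .anyMatch(a -> "ROLE_STUDENT".equals(a.getAuthority()));
        // The identity comes from the security context, never from a request
        // parameter, so a student cannot claim to be someone else.
        return isStudent
                && enrollments.existsByStudentUsernameAndTeacherId(auth.getName(), teacherId);
    }
}

@Service
class MessageService {
    // Evaluated before the method body runs; a "false" result raises
    // AccessDeniedException. "#teacherId" needs parameter names to be
    // available at runtime (compile with -parameters or debug info).
    @PreAuthorize("@relationshipGuard.isStudentOf(authentication, #teacherId)")
    public String sendMessage(long teacherId, String text) {
        return "delivered to teacher " + teacherId + ": " + text;
    }
}
```

Method security has to be switched on for the annotation to take effect: `@EnableMethodSecurity` in current Spring Security versions, or `@EnableGlobalMethodSecurity(prePostEnabled = true)` in older ones.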