开发者

Can Spring Security validate the relationship between user?

开发者 https://www.devze.com 2023-04-07 14:36 出处:网络
I am new to Spring Security. Can Spring Security validate the relationship between users? for example:

I am new to Spring Security. Can Spring Security validate the relationship between users?

for example:

I have two users type. one is teacher, another one is student. I wanna validate whether this student have relationship with the special teacher. Then the student can do some operation with this special teacher.

Can spring security achieve this goal?

Please pro开发者_StackOverflow中文版vide me some reference, keyword, or link then i can do more study

Thx


Security issues can be categorised as authentication or authorization issues. Your issue is an authorization issue. But it is not a static authorization problem, since it is not caused due to the configuration of rights and roles of the user, but it is a dynamic one since it has to do with the student being related to a teacher in order to be authorised to execute some specific action. What you need is to inject the spring security which business checks that provide a positive flag each time this relation is satisfied.

If I undestood you problem well perhaps you might need to read and understand about AccessDecisionManager class from Spring Security.


At its core, this doesn't sound like a Spring Security issue - its data related. If this is a relationship that is stored in your DB, and you are using an ORM, then there should be a OneToMany relationship between the Teacher and the Student (and ManyToOne conversely).

If you want to track some additional information about a logged-in user (say, their primary Teacher) in the Spring Security context, then you need to implement the UserDetailsService and extend the Spring Security User object with your additional data.

0

精彩评论

暂无评论...
验证码 换一张
取 消