0

I have a requirement where I need to use role-based access to service methods. I have RESTful services and I use spring-data to interact with MongoDB.

There are some restrictions that I have. I deal with a document in the DB called "Organization". In each organization, I know who the Admins are. I do not have a repository of users who can access the services.

So the only way I can enforce some access-based rules is to check if the logged-in user is one of the admins configured for each organization and then allow the user to access the methods.

Should I think of applying Spring Security in this case? Otherwise, will a simple check on the user against the configured admins in the database document help? Can I make this check at a single point so that I can apply it to service methods based on my use case needs?

Please provide your suggestions / thoughts on how to go about this.

Ram Viswanathan

1 Answer

0

If you use Spring Security, your REST methods can take advantage of a passed-in authenticated Principal object (example here), whereupon you can do whatever extra validation is desired (such as checking if the admin is good for the given organization requested, etc.). There are many other parameters also available, perhaps allowing for this org checking to be done once and stored in the session object.

Glen Mazza
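One way to put the per-organization admin check at a single point, as an added example that is not code from the question or the answer: a Spring Security method-security expression delegates to one bean that reads the admin list from the Organization document. The names `OrgAccess`, `adminUsernames`, `organizations` and `deleteOrganization` are hypothetical, the types are collapsed into one listing (one file per type in a real project), and it assumes the caller is already authenticated by whatever mechanism fronts the services.

```java
import java.util.Set;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.annotation.Id;
import org.springframework.data.mongodb.core.mapping.Document;
import org.springframework.data.mongodb.repository.MongoRepository;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;

@Configuration
@EnableMethodSecurity // enables @PreAuthorize (Spring Security 5.6 and later)
class MethodSecurityConfig {}

@Document("organizations") // hypothetical collection and field names
class Organization {
    @Id String id;
    Set<String> adminUsernames; // the admins configured on the document
}

interface OrganizationRepository extends MongoRepository<Organization, String> {}

@Component("orgAccess") // the single place where the admin rule lives
class OrgAccess {
    private final OrganizationRepository orgs;
    OrgAccess(OrganizationRepository orgs) { this.orgs = orgs; }

    // Fails closed: no or anonymous authentication, an unknown organization,
    // or a missing admin list all deny access.
    public boolean isAdmin(String orgId, Authentication auth) {
        if (orgId == null || auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) return false;
        return orgs.findById(orgId)
                .map(o -> o.adminUsernames != null && o.adminUsernames.contains(auth.getName()))
                .orElse(false);
    }
}

@Service
class OrganizationService {
    private final OrganizationRepository orgs;
    OrganizationService(OrganizationRepository orgs) { this.orgs = orgs; }

    // Checked before the body runs; a false result raises AccessDeniedException.
    @PreAuthorize("@orgAccess.isAdmin(#orgId, authentication)")
    public void deleteOrganization(String orgId) { orgs.deleteById(orgId); }
}
```

The `#orgId` reference relies on parameter names being kept at compile time (the `-parameters` compiler flag, which Spring Boot builds set by default). The check runs on every call, so removing an admin from the document takes effect immediately, which a result cached in the session would not.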