I have a division table with three rows like

divisionId name

1          divA
2          divB
3          divC

and a customer table like

custId Name divisionId

1     cust01       1
2     cust02       1
3     cust03       2
4     cust04       1
5     cust05       2
6     cust06       3
7     cust07       3
8     cust08       1

and a user table like

userId uname password roleId divisionId

   1      john      ***       1          1
   2      ravi      ***       2          1
   3      bush      ***       2          2
   4      sam       ***       2          3
   5      jasd      ***       1          2
   6      jas       ***       2          2
   7      jioa      ***       2          3
   8      saho      ***       2          1
   9      vija      ***       1          1

roleId name

   1      ADMIN
   2      USER

When the user tries to log in with three parameters like { "division" : "divA", "uname" : "john", "password": "****" }

If the user logs in successfully, I generate a JWT token that includes division, role, etc.

@GetMapping("/listcustomers")
public List<Customers> getCustomers() {
    return customerService.findAll();
}

In this scenario, when the user tries to access the /listcustomers API (the customers table), he should get only the list of customers whose divisionId matches the division of the logged-in user, AND HE SHOULD NOT BE ABLE TO ACCESS OTHER DIVISION CUSTOMERS FROM ANYWHERE. This is the output I am looking for. Nowhere have I found a solution, please can anyone help me. There are also many APIs with division-assigned objects. Role-based access is working fine, but division-wise I am not getting it.

I am using Spring Boot 2.0.0.RELEASE, Java 8, Hibernate, JWT authentication with Spring Security.

Naveen

1 Answer

Assuming you created a JWT token, you can use Principal to get the username from the token. Then you define findByUsername, which returns the filtered customers for that user.

import java.security.Principal;

@GetMapping("/listcustomers")
public List<Customers> getCustomers(Principal principal) {
    // Spring Security injects the authenticated principal resolved from the JWT
    String currentUser = principal.getName();
    return customerService.findByUsername(currentUser);
}
Udara S.S Liyanage
  • I want to filter customers by division in many API calls. As you said, for every query I need to add a condition for each and every method; instead of that, is there any other approach to apply the filter only once for all API calls? It is simpler and more flexible to filter in the SecurityConfig class – Naveen Sep 04 '18 at 12:07
  • Use filters, I'm not sure – Ashish Kamble Jul 11 '20 at 15:54
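One way to keep the division scope in a single place for every query, rather than in each controller method, is to carry the division from the token into the principal and reference it from repository queries with Spring Security's SpEL extension. This is an added example, not the answer's code and not from the question's project; it assumes a Customer entity with custId and divisionId fields, the spring-security-data dependency, and that the JWT filter builds the principal shown from the verified token's claims.

```java
import java.util.Collection;
import java.util.List;
import java.util.Optional;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;

// Principal built by the JWT filter from the token's claims (assumed design); the division is
// never read from a request parameter, so a caller cannot widen its own scope.
class DivisionPrincipal extends User {
    private final Long divisionId;

    DivisionPrincipal(String username, Collection<? extends GrantedAuthority> authorities, Long divisionId) {
        super(username, "", authorities);           // password is not needed once the JWT is verified
        this.divisionId = divisionId;
    }

    public Long getDivisionId() { return divisionId; } // referenced as principal.divisionId below
}

// In the JWT filter, after signature and expiry have been checked (jjwt-style Claims assumed):
//   DivisionPrincipal p = new DivisionPrincipal(claims.getSubject(), authorities,
//                                               claims.get("divisionId", Long.class));
//   SecurityContextHolder.getContext().setAuthentication(
//       new UsernamePasswordAuthenticationToken(p, null, authorities));

@Configuration
class RepositorySecurityConfig {
    // Exposes the SecurityContext to SpEL inside @Query (requires spring-security-data on the classpath).
    @Bean
    SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}

interface CustomerRepository extends JpaRepository<Customer, Long> {
    // Division scoping lives in the query itself, so every API that uses this repository is scoped identically.
    @Query("select c from Customer c where c.divisionId = ?#{principal.divisionId}")
    List<Customer> findAllInCallerDivision();

    // Single-record lookups are scoped too; otherwise a /customers/{id} endpoint could leak another division's row.
    @Query("select c from Customer c where c.custId = :id and c.divisionId = ?#{principal.divisionId}")
    Optional<Customer> findByIdInCallerDivision(@Param("id") Long id);
}
```

The controller then calls findAllInCallerDivision() with no division argument at all, and the same pattern applies to every other division-assigned entity's repository.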