1

I'm making an application, in which you can create your own profiles for users, is it possible to authenticate and authorize these profiles in real time? or I have to restart the application to accept the new profiles

The application has a dashboard with different modules, a profile determines whether or not the user will be able to see the module and to see his permissions in it (CRUD). in the front end I'm using Angular 6. so basically I need a security framework to do the authentication and authorization of profiles created in real time and stored in a database.

Tobias Theel
  • 3,088
  • 2
  • 25
  • 45
Flamos
  • 11
  • 3
  • 1
    Could you give more information ? e.g What's your profiles that need to load in real time ? – chaoluo Sep 11 '18 at 14:59
  • the application has a dashboard with different modules, a profile determines whether or not the user will be able to see the module and to see his permissions in it (CRUD). in the front end I'm using Angular 6. so basically I need a security framework to do the authentication and authorization of profiles created in real time and stored in a database. – Flamos Sep 11 '18 at 15:10

1 Answers1

0

I'm a little confused on what specifically you mean here... more detail is needed on what creating a profile entails.

But in any case, Spring Boot provides quite good functionality when it comes to dynamically modifying and reloading configuration data.

Here is a good reference: https://jeroenbellen.com/manage-and-reload-spring-application-properties-on-the-fly/.

Also... there are lots of integrations with external configuration managers (like Consul) which can be useful. They often provide security components which may do most of your work for you. Any configuration stored in these areas can be automatically reloaded on changes using annotations on Spring classes.

Spring also has LDAP integrations (https://docs.spring.io/spring-ldap/docs/current/reference/) which I'm sure can do whatever you need if you're going that route).

But again, please provide more detial in your question so that we can answer it better if this didn't cover it :).

John Humphreys
  • 37,047
  • 37
  • 155
  • 255
  • the application has a dashboard with different modules, a profile determines whether or not the user will be able to see the module and to see his permissions in it (CRUD). in the front end I'm using Angular 6. so basically I need a security framework to do the authentication and authorization of profiles created in real time and stored in a database. – Flamos Sep 11 '18 at 15:11
  • There's no reason you'd have to restart the app if you're storing the user details in a database of any kind. The app won't just read and cache all the permissions or anything like that, unless you go out of your way to make it do that. – John Humphreys Sep 11 '18 at 15:15
  • Well someone told me that with Spring Security you couldn't add new user profiles once the application started, that it was necessary to restart the web application for Spring to recognize the new profiles. – Flamos Sep 11 '18 at 15:27
  • Is this what you're looking for? https://stackoverflow.com/questions/9910252/how-to-reload-authorities-on-user-update-with-spring-security – John Humphreys Sep 11 '18 at 15:34