1

Good day.

I am working on Spring Boot Security. I am stuck with a problem, and can't figure out how to implement UserDetails to grant authorities of a user with multiple roles, and each roles have different set of permissions.

For Example: Let's say Mr. Keanu Reeves has two roles with different set of permissions.

ID ----- ROLES ----------------- PERMISSIONS
1 ------ ROLE_JOHNWICK------ LOVE, SURVIVE, KILL
2 ------ ROLE_NEO------------- LOVE, SURVIVE

How can I grant authorities in UserDetails, so that Mr. Keanu Reeves can perform his role ROLE_JOHNWICK with permissions like LOVE, SURVIVE, KILL in one section, and in separate section he should perform LOVE, SURVIVE with the role ROLE_NEO.

Thanks in advance for your help.

Sujan
  • 21
  • 7
  • There are a few ways to do that, I recommend that you read the [documentation about authorities](https://docs.spring.io/spring-security/reference/servlet/authorization/architecture.html#authz-authorities). I think you'd have a complex `GrantedAuthority` and provide an implementation that consider the authorities that comes with the role. Another alternative would be to use the `RoleHierarchy` – Marcus Hert da Coregio Jun 01 '22 at 12:22
  • Thanks @MarcusHertdaCoregio for your comment. ```RoleHierarchy``` isn't an option for me because, I have many dynamic roles to handle which comes from DB. – Sujan Jun 01 '22 at 14:54

0 Answers0