spring boot - Best practice to maintain permissions into SpringSecurityContextHolder -

what best practice handle permissions in microservice architecture projects using spring security

currently, using microservice architecture using spring boot, angular2, spring security , lot of other technologies:

example:

user: user 01   role1 name: manage_shop_level1   permissions : "manage_shop_create","manage_shop_upload",    role2 name : manage_shop_leve2 (advance level)   permissions : "manage_shop_delete"

we setting list of permissions in securitycontextholder

authorizationobject = new usernamepasswordauthenticationtoken(username, null, permissionslistobject); securitycontextholder.getcontext().setauthentication(authorizationobject);

permissionslistobject : {   "manage_shop_create",   "manage_shop_upload",   "manage_shop_delete"   , on..(if user has 100 permissions saving 100 permissions directly securitycontextholder list)   }

and using @preauthorize annotation @ method level below:

@preauthorize("hasauthority('manage_shop_create')")

here, permissions not persisting securitycontextholder, each , every request hitting db permissions. how persist permissions securitycontextholder? next subsequent request load context instead of hitting database.

Brazee

Search This Blog

spring boot - Best practice to maintain permissions into SpringSecurityContextHolder -

Comments

Post a Comment