Java – spring security authorizes the requests value from the database

I want to configure the authorize requests value from the database when the server starts At present, I have given the hard core value in the Java class file. Is there any way to read the same content from the database

The following is sample code:

protected void configure(HttpSecurity http) throws Exception {
http
    .authorizeRequests()                                                                
        .antMatchers("/resources/**","/signup","/about").permitAll()                  
        .antMatchers("/admin/**").hasRole("ADMIN")                                      
        .antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")            
        .anyRequest().authenticated()                                                   
        .and()
    // ...
    .formLogin();
}

How to read the URL from the database, for example: / admin / * *, instead of the hard coded value in the class file

Solution

You can use spring JDBC support First, you need to set up the database You can then retrieve the rows and process them appropriately

You should have a table where you have rows and a column filled like / admin / * * and / db / * * The other column should be filled with role access information Then, following this tutorial, you should retrieve these rows Suppose you have the following entity classes:

class Matcher {
   public String name;
   public String roleInfo;
}

You can then traverse the matcher entity for configuration:

http.authorizeRequests()
            .antMatchers("/resources/**","/about").permitAll();

    for (Matcher matcher : matchers) {
        http.authorizeRequests().antMatchers(matcher.name).access(matcher.roleInfo);
    }
    http.authorizeRequests().anyRequest().authenticated()
            .and()
                    // ...
            .formLogin();