In Spring Security, how would you handle the situation where a user needs multiple roles for accessing different resources?

  • Assign a composite role that includes all the required roles to the user.
  • Define a separate authentication filter for each resource and specify the required roles in the filter configuration.
  • Use a custom AccessDecisionVoter to evaluate the user's roles and grant access accordingly.
  • Create multiple user accounts, each with a different role, for accessing different resources.
In Spring Security, when a user needs multiple roles for accessing different resources, you can assign a composite role to the user. This composite role should include all the required roles for accessing those resources. Option 2 is not a recommended approach as it would lead to code duplication. Option 3 is a more complex solution and might not be necessary for this scenario. Option 4 is not an efficient way to handle role-based access control.
Add your answer
Loading...

Leave a comment

Your email address will not be published. Required fields are marked *