User-role hierarchies in Spring Security
In most of our applications we use the Spring Security Core plugin for authentication, and we define some roles in it. Have you ever thought about assigning precedence to those roles? Say you have 3 roles defined in your application:
ROLE_SUPER_ADMIN, ROLE_ADMIN and ROLE_ATTENDEE.
These roles are typically used like this:
[java]
// Only users holding ROLE_ATTENDEE may call this action
@Secured(['ROLE_ATTENDEE'])
def dashBoard() {
    render(view: 'dashBoard')
}
[/java]
As you can see above, access to this action is restricted. If you want it to be accessible to ADMIN as well, you have to mention that role there too,
i.e.
[java]
@Secured(['ROLE_ATTENDEE', 'ROLE_ADMIN'])
[/java]
In my project I had the same scenario. So instead of defining a comma-separated list of roles, you can define a role hierarchy in your Config.groovy as shown below:
[java]
// Each line reads "parent role > child role"
grails.plugins.springsecurity.roleHierarchy = '''
    ROLE_SUPER_ADMIN > ROLE_ADMIN
    ROLE_ADMIN > ROLE_ATTENDEE
'''
[/java]
Here I have defined the role hierarchy as a parent-child relationship. So, as in the previous example:
[java]
@Secured(['ROLE_ATTENDEE'])
def dashBoard() {
    render(view: 'dashBoard')
}
[/java]
Now the action above is accessible to all parent roles, with no need to specify every required role. Isn't it cool?
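To audit which roles a given `@Secured` annotation admits once the hierarchy is active, the following added example (not part of the original post or the plugin's own code) parses the hierarchy string from above and computes the transitive closure in plain Groovy. The helper names `parseHierarchy`, `reachable` and `rolesAllowed` are assumptions made for illustration.

```groovy
// Added example: plain Groovy, no Grails or Spring classes required.
// Hierarchy text copied from the Config.groovy snippet in this post.
def hierarchy = '''
    ROLE_SUPER_ADMIN > ROLE_ADMIN
    ROLE_ADMIN > ROLE_ATTENDEE
'''

// Parse "PARENT > CHILD" lines into parent -> direct children.
// (parseHierarchy, reachable and rolesAllowed are hypothetical helper names.)
Map<String, Set<String>> parseHierarchy(String text) {
    Map<String, Set<String>> children = [:]
    text.readLines()*.trim().findAll { it }.each { String line ->
        List<String> parts = line.split('>')*.trim()
        if (parts.size() != 2 || parts.any { !it }) {
            throw new IllegalArgumentException("Malformed hierarchy line: ${line}")
        }
        if (!children.containsKey(parts[0])) children[parts[0]] = new LinkedHashSet<String>()
        children[parts[0]] << parts[1]
    }
    children
}

// All roles implied by holding `role`, itself included (transitive closure).
Set<String> reachable(Map<String, Set<String>> children, String role) {
    Set<String> seen = new LinkedHashSet<String>([role])
    Deque<String> todo = new ArrayDeque<String>([role])
    while (!todo.isEmpty()) {
        String current = todo.poll()
        (children[current] ?: []).each { String child ->
            if (seen.add(child)) todo.add(child)   // seen-check also terminates on cycles
        }
    }
    seen
}

// Roles whose holders pass @Secured(['<required>']) once the hierarchy is active.
Set<String> rolesAllowed(Map<String, Set<String>> children, String required) {
    Set<String> all = new LinkedHashSet<String>(children.keySet())
    children.values().each { all.addAll(it) }
    all.findAll { required in reachable(children, it) } as Set
}

def children = parseHierarchy(hierarchy)
['ROLE_ATTENDEE', 'ROLE_ADMIN', 'ROLE_SUPER_ADMIN'].each { required ->
    println "@Secured(['${required}']) admits: ${rolesAllowed(children, required).join(', ')}"
}
assert rolesAllowed(children, 'ROLE_ATTENDEE') == (['ROLE_SUPER_ADMIN', 'ROLE_ADMIN', 'ROLE_ATTENDEE'] as Set)
assert rolesAllowed(children, 'ROLE_SUPER_ADMIN') == (['ROLE_SUPER_ADMIN'] as Set)
```

Running a check like this whenever the hierarchy changes makes it visible when an action annotated with a low-privilege role silently becomes reachable by additional roles.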
Hope it helps. 🙂
Thanks & Regards,
Robin Sharma.
robin@intelligrape.com
Really nice writeup, many thanks
That's great!!
You saved my day. I was looking for something like this for my project.