Issue
I have a Spring Boot application that has method-level security with @RolesAllowed("NAME_OF_THE_ROLE").
The situation I have is that when the application goes from dev to a higher environment, and from there to production, the names of the security groups change. Any ideas on how I can inject the name of the security group in @RolesAllowed() based on what environment I am deploying the application to?
Solution
Solution 1: Multiple tolerance
If the name of your role does not change over time and there is no name conflict between environments, you can use the @Secured annotation with the different groups depending on the environment.
For example: @Secured({ "DEV_VIEWER", "ALPHA_VIEWER", "PRD_VIEWER" })
Solution 2: Hand made
Otherwise, if you want something, you can switch to the @PreAuthorize annotation with a custom PermissionEvaluator.
Baeldung made a rather complete guide on the subject: https://www.baeldung.com/spring-security-create-new-custom-security-expression
Answered By - Léo
Answer Checked By - Dawn Plyler (JavaFixing Volunteer)
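A sketch of the Solution 2 approach, added here as an example and not taken from the answer or the linked guide: a PermissionEvaluator that maps a logical permission name to the group configured for the running environment, so only that environment's group is accepted. It assumes Spring Security 5.6+ and a hypothetical property such as app.security.roles.viewer=PRD_VIEWER set per environment; the class names are also hypothetical.

```java
import java.io.Serializable;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.Authentication;

@Configuration
@EnableMethodSecurity
public class EnvRoleSecurityConfig {

    // Registers the evaluator so hasPermission(...) works inside @PreAuthorize.
    @Bean
    static MethodSecurityExpressionHandler methodSecurityExpressionHandler(Environment env) {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        handler.setPermissionEvaluator(new EnvRoleEvaluator(env));
        return handler;
    }

    static class EnvRoleEvaluator implements PermissionEvaluator {
        private final Environment env;

        EnvRoleEvaluator(Environment env) { this.env = env; }

        @Override
        public boolean hasPermission(Authentication auth, Object target, Object permission) {
            if (auth == null || !auth.isAuthenticated() || permission == null) return false;
            // Hypothetical key layout: app.security.roles.<logical name> = <group for this environment>
            String group = env.getProperty("app.security.roles." + permission);
            // Fail closed: a missing or empty mapping denies access instead of matching anything.
            if (group == null || group.isBlank()) return false;
            // The value must equal the granted authority string exactly (including any ROLE_ prefix).
            return auth.getAuthorities().stream().anyMatch(a -> group.equals(a.getAuthority()));
        }

        @Override
        public boolean hasPermission(Authentication auth, Serializable id, String type, Object permission) {
            return hasPermission(auth, null, permission);
        }
    }
}

// Usage on a secured method (the method itself is hypothetical):
//   @PreAuthorize("hasPermission(null, 'viewer')")
//   public List<Report> listReports() { ... }
```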