asp.net mvc decorate [Authorize()] with multiple enums

Here is a simple and elegant solution which allows you to simply use the following syntax:

    [AuthorizeRoles(MyEnum.Admin, MyEnum.Moderator)]

When creating your own attribute, use the params keyword in your constructor:

    public class AuthorizeRoles : AuthorizeAttribute
    {
        public AuthorizeRoles(params MyEnum[] roles) { … }

        protected override bool AuthorizeCore(HttpContextBase httpContext) { … }
    }

This will allow …

How do I serve up an Unauthorized page when a user is not in the Authorized Roles?

Add something like this to your web.config:

    <customErrors mode="On" defaultRedirect="~/Login">
        <error statusCode="401" redirect="~/Unauthorized" />
        <error statusCode="404" redirect="~/PageNotFound" />
    </customErrors>

You should obviously create the /PageNotFound and /Unauthorized routes, actions and views.

EDIT: I’m sorry, I apparently didn’t understand the problem thoroughly. The problem is that when the AuthorizeAttribute filter is executed, it decides that the …

Angular2 routing canActivate and AuthGuard (JWT) with user role parameter

You can set the data parameter of the route with the role like this:

    const appRoutes: Routes = [
      {
        path: 'account/super-secure',
        component: SuperSecureComponent,
        canActivate: [RoleGuard],
        data: { roles: ['super-admin', 'admin'] }
      }
    ];

and then have this in canActivate of RoleGuard:

    canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean {
      let roles = route.data["roles"] as Array<string>;
      return (roles …

Best Role-Based Access Control (RBAC) database model [closed]

To my rather basic knowledge in that area, the basic actors of an RBAC are:

Resources.
Permissions.
Users.
Roles (i.e. Groups).

Resources <- require -> (one or many) Permissions.
Roles <- are collections of -> (one or many) Permissions.
Users <- can have -> (one or many) Roles.

The tables for such a model would …

Role based authentication in the new MVC 4 Internet template using simplemembership

Found an answer here by Mehdi Golchin which seems to take care of:

    [Authorize(Roles="admin,editor,publisher")]

If I also add this to the home controller:

    [InitializeSimpleMembership]

Because this attribute is on the Accounts controller, SimpleMembership database gets initialized only after the first use of the accounts controller like login/register. Even when the current user gets logged in …