I am new to spring security. I am trying to implement ACL. Have created required tables. Now, I have to put READ permission on a method which returns a Page.
The method fetches a list of candidates and their details from DB and displays in the front end. In this scenario, which one should be used -
@PreAuthorize(hasPermission) or @PreAuthorize(hasRole)?
I am not sure how to set permission for a Page(containing details of candidates), I am only able to put permission on the individual candidate. The permission of the user must be modifiable in the future - Like, two users under the same role might be granted different permissions on the same object. Will
hasRole work in this scenario?
The requirement seems straightforward, but I am not sure of the solution. What am I missing here?