Group authority mappings

Now we need to map our existing users to groups, and the groups to authorities. This is done in the security-groups-mappings.sql file. Mapping based on groups can be convenient because often, organizations already have a logical group of users for various reasons. By utilizing the existing groupings of users, we can drastically simplify our configuration. This is how a layer of indirection helps us. We have included the group definitions, group to authority mappings, and a few users in the following group mapping:

    //src/main/resources/database/h2/security-groups-mappings.sql

    -- Create the Groups

    insert into groups(group_name) values ('Users');
    insert into groups(group_name) values ('Administrators');

    -- Map the Groups to Roles

    insert into group_authorities(group_id, authority)
    select id,'ROLE_USER' from groups where group_name='Users';
    insert into group_authorities(group_id, authority)
    select id,'ROLE_USER' from groups where
    group_name='Administrators';
    insert into group_authorities(group_id, authority)
    select id,'ROLE_ADMIN' from groups where
    group_name='Administrators';

    -- Map the users to Groups

    insert into group_members(group_id, username)
    select id,'user1@example.com' from groups where
    group_name='Users';
    insert into group_members(group_id, username)
    select id,'admin1@example.com' from groups where
    group_name='Administrators';
    ...

Go ahead and start the application, and it will behave just as before; however, the additional layer of abstraction between the users and roles simplifies the managing of large groups of users.

Your code should now look like calendar04.02-calendar.