Tag Archive for javaspringsecurity

How to create dynamic API route protection with large-scale systems and distributed servers?

We already have a system in which the backend uses Spring and the frontend is in Angular. We are grouping certain pages into features, allowing the admin to dynamically assign access to these features based on roles. Currently, we use the ResourceServerConfigurerAdapter with the .antMatchers("url").hasAnyAuthority(access1, access2) method to manage API access for entire controllers. However, this approach requires manually updating the ResourceServerConfigurerAdapter whenever a feature is completely removed. Since this file is primarily for security configurations, we often skip updating it when access to a feature is removed, as doing so would require redeployment. This practice is cumbersome, error-prone, and leaves APIs for removed features unnecessarily open to certain roles.
To address this, we need a dynamic implementation where access to APIs is restricted to the features actively in use.
Question-1: We have found an approach, mentioned below, but it is cumbersome, error-prone and time-consuming, so we need to know if there is any alternative to this approach.
Current approach:
We have a feature table in which we are storing the Angular URLs related to that feature in the URLS column and the controller APIs in the APIS column, as mentioned below:

Storing a secret key as a String

I came across this code snippet, which can be found in a tutorial but also on StackOverflow [1], [2]. I’m not sure if it really makes sense: