Spring Security - Custom PreAuthorize Annotation? -


i'm guessing answer no here, wondering if there way create custom annotation this:

@documented @inherited @retention(retentionpolicy.runtime) @target({elementtype.type, elementtype.method}) @preauthorize("hasauthority('" + permissionrequired.value() + "')") //doesn't work public @interface permissionrequired {    string value(); } 

so can this:

@permissionrequired("create_user") public user createuser(user newuser){ //.. } 

but there doesn't seem way refer composing annotation, i'm doing above. doesn't @aliasfor solve, i'm not using field directly, i'm concatenating string.

my goal here create security annotations not require spel.

jsr-250 rescue!

enable on application class:

@enableglobalmethodsecurity(prepostenabled = true, jsr250enabled = true) public class myapplication { //.. } 

use annotation:

@rolesallowed({"role_create_user"}) public user createuser(user newuser){ //.. } 

it seems require "role_" prefixes on authorities, though.


Comments

Popular posts from this blog

java - nested exception is org.hibernate.exception.SQLGrammarException: could not extract ResultSet Hibernate+SpringMVC -

sql - Postgresql tables exists, but getting "relation does not exist" when querying -

asp.net mvc - breakpoint on javascript in CSHTML? -