Spring Security - Custom PreAuthorize Annotation?
I'm guessing the answer is no here, but I'm wondering if there is a way to create a custom annotation like this:

    @Documented
    @Inherited
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    @PreAuthorize("hasAuthority('" + PermissionRequired.value() + "')") // doesn't work
    public @interface PermissionRequired {
        String value();
    }

So that I can do this:

    @PermissionRequired("CREATE_USER")
    public User createUser(User newUser) {
        //..
    }

But there doesn't seem to be a way to refer to the composing annotation, as I'm doing above. @AliasFor doesn't solve it, as I'm not using the field directly; I'm concatenating a string.

My goal here is to create security annotations that do not require SpEL.
JSR-250 to the rescue!

Enable it on the application class:

    @EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
    public class MyApplication {
        //..
    }

Use the annotation:

    @RolesAllowed({"ROLE_CREATE_USER"})
    public User createUser(User newUser) {
        //..
    }

It seems to require "ROLE_" prefixes on the authorities, though.