Method Security: default expression

**kostepanych** · Jan 26th, 2011, 04:45 AM

Is there possibility to set default security expression such as @PreAuthorize("hasRole('ROLE_USER')") for all methods in class or whole project?

**Luke Taylor** · Jan 26th, 2011, 11:33 AM

You should be able to use the annotation at class level (though obviously you can't really use method parameters in that case).

An annotation only makes sense if you add it to the source, but there are ways of applying security attributes across multiple classes. For example, you can use the protect-pointcut syntax which is provided by the namespace.

**relphie`** · Jan 27th, 2011, 11:07 AM

does the protect-pointcut syntax supprt spring-el expressions? i am unable to get it to work ...

HTML Code:

	<security:global-method-security pre-post-annotations="enabled">
		<security:protect-pointcut expression="execution(* com.acl.controllers.*Controller.*(..))"
			access="isFullyAuthenticated()" />
	</security:global-method-security>

Code:

java.lang.IllegalArgumentException: Unsupported configuration attributes: [isFullyAuthenticated()]
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:153)

**Luke Taylor** · Jan 27th, 2011, 11:18 AM

No, it only supports simple attributes.

**relphie`** · Jan 27th, 2011, 11:24 AM

I logged a New Feature request:

https://jira.springframework.org/browse/SEC-1663

Thanks for replying so quickly!

Thread: Method Security: default expression

Thread Tools

Display

Method Security: default expression

Posting Permissions