Originally posted here.
I need to make a legacy application start using spring security 3.
This app already has its security data model. The follow diagram illustrates:
Very simple by far. I can write my custom usersByUsernameQuery and authoritiesByUsernameQuery.
The thing is that there is another table indicating the operation (i.e. @Service layer method) that a Role can execute:
So the administrator can enable/disable a role from accessing an operation through a web interface, without redeploying the app.
I don't want (for now) ended up creating my own annotation. Unless it is not possible with what we have out of the box.
I still can annotate the business methods with @Secure('ROLE_ADMIN') for example, but my custom UserDetailsService must know at least the method name that is being secured, so I can perform the right query. Is there any way?