Results 1 to 2 of 2

Thread: @Secured annotation conjunction

  1. Mar 28th, 2011, 07:48 AM #1
    amitkhanna
    amitkhanna is offline Junior Member
    Join Date
    Dec 2010
    Posts
    26

    Default @Secured annotation conjunction

    Hi

    I'm using method level security through @Secured annotation, but I'm stuck with a problem. For most of the methods, if the user has one of the roles mentioned in the list he/she should be granted access, but for some methods only the user with all the roles in the list should be granted access.

    For example

    @Secured({"ROLE_TYPE1", "ROLE_TYPE2"})
    public void method1(){}

    @Secured({"ROLE_TYPE1", "ROLE_TYPE2"})
    public void method2(){}

    method1() should be accessible to user with at least one of the roles: ROLE_TYPE1 or ROLE_TYPE2
    method 2 should be accessible only to user with at least 2 roles: ROLE_TYPE1 and ROLE_TYPE2

    Is this possible in spring security?

    Thanks
    Amit Khanna
    Reply With Quote Reply With Quote
  2. Mar 29th, 2011, 09:33 PM #2
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,826

    Default

    You could use

    Code:
    @PreAuthorize("hasAnyRole(...)")
public void method1(){}

@PreAuthorize("hasRole(...)")
public void method2(){}
    PS: In the future please consider use code tags for making the code more readable.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules