Dec 7th, 2011, 11:13 PM
Custom PermissionEvaluator and other issues
Hi, I am new to Spring and Spring Security. Can somebody please help out with the issue below?
I have implemented a custom PermissionEvaluator by implementing hasPermission(Authentication authentication, Object targetDomainObject, Object permission). It is not using ACL and internally uses our own data security model. Everything is working as expected. However, I am not sure how to make the overloaded method work:
hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission)
I initially thought I could use this in scenarios as mentioned in documentation - i.e. when the object is not loaded, but there is enough information about the type and the primary key - but I could not make it work using Expression Language. Is it possible to hook this implementation to some kind of EL based-check that takes in an object type and identifier? I want to use it the same way as the other hasPermission method - to protect methods using PreAuthorize EL expression.
Thanks a lot,
Dec 8th, 2011, 12:21 PM
My bad. This is resolved now... I was using a wrong EL. It does work if the EL has the additional parameters passed on correctly in hasPermission.