Hi to all
I have a simple question.
I read that it is possible to define a custom bean that extends SecurityExpressionRoot.
In this class I can add some custom methods, hasConv() for example.
Then I must define a:
Code:
public class MyMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler implements MethodSecurityExpressionHandler {

    @Override
    protected SecurityExpressionRoot createSecurityExpressionRoot(Authentication authentication, MethodInvocation invocation) {
        MyMethodSecurityExpressionRoot root = new MyMethodSecurityExpressionRoot(authentication);
        //root.setThis(invocation.getThis());
        root.setPermissionEvaluator(getPermissionEvaluator());
        return root;
    }
}
And then the XML configuration:
Code:
<security:global-method-security pre-post-annotations="enabled" mode="aspectj">
    <security:expression-handler ref="expressionHandler"/>
</security:global-method-security>

<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
    <property name="permissionEvaluator" ref="permissionEvaluator"/>
</bean>

<bean id="permissionEvaluator" class="org.springframework.samples.petclinic.StorytellingPermissionEvaluator">
</bean>

In StorytellingPermissionEvaluator I have the standard hasPermission method.
With @PreAuthorize I can evaluate the function defined above without any problem: @PreAuthorize( hasConv(..))
With @PostFilter instead, the expression seems to be evaluated, but I had a ClassCastException in the DefaultMethodSecurityExpressionHandler class at:
Code:
@SuppressWarnings("unchecked")
public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx) {
    MethodSecurityExpressionRoot rootObject = (MethodSecurityExpressionRoot) ctx.getRootObject().getValue();

Am I missing something?
Is there an alternative, simpler way to achieve the same objective?
Thanks in advance.
IlPistolero
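
Added example, not part of the original post or of Spring Security's own code: a custom root that @PostFilter can also use, assuming a Spring Security release that has the public MethodSecurityExpressionOperations interface (3.1.1 or later), where the handler's filter() casts the root to that interface instead of the package-private MethodSecurityExpressionRoot shown above. The body of hasConv(String) and the "CONV_" authority prefix are hypothetical stand-ins for the poster's rule.

```java
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

public class MyMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler {

    @Override
    protected MethodSecurityExpressionOperations createSecurityExpressionRoot(
            Authentication authentication, MethodInvocation invocation) {
        MyMethodSecurityExpressionRoot root = new MyMethodSecurityExpressionRoot(authentication);
        root.setThis(invocation.getThis());
        root.setPermissionEvaluator(getPermissionEvaluator());
        // Without a trust resolver, isAnonymous()/isFullyAuthenticated() fail at runtime.
        root.setTrustResolver(new AuthenticationTrustResolverImpl());
        root.setRoleHierarchy(getRoleHierarchy());
        return root;
    }

    // Public so that SpEL can invoke its methods reflectively.
    public static class MyMethodSecurityExpressionRoot extends SecurityExpressionRoot
            implements MethodSecurityExpressionOperations {
        private Object filterObject;
        private Object returnObject;
        private Object target;

        public MyMethodSecurityExpressionRoot(Authentication authentication) {
            super(authentication);
        }

        // Hypothetical rule: the caller holds the authority "CONV_<name>".
        public boolean hasConv(String name) {
            for (GrantedAuthority a : getAuthentication().getAuthorities()) {
                if (("CONV_" + name).equals(a.getAuthority())) return true;
            }
            return false;
        }

        // @PreFilter/@PostFilter store each element here; expressions read it as filterObject.
        public void setFilterObject(Object filterObject) { this.filterObject = filterObject; }
        public Object getFilterObject() { return filterObject; }
        // @PostAuthorize/@PostFilter expose the method result as returnObject.
        public void setReturnObject(Object returnObject) { this.returnObject = returnObject; }
        public Object getReturnObject() { return returnObject; }
        void setThis(Object target) { this.target = target; }
        public Object getThis() { return target; }
    }
}
```

The handler only takes effect when the expressionHandler bean's class attribute names this class rather than DefaultMethodSecurityExpressionHandler. An expression such as @PostFilter("hasConv('x') and hasPermission(filterObject, 'read')") then resolves both the custom method and filterObject on the same root.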



