
Thread: Define own permission in ACL

  1. #1
    Join Date
    Nov 2010
    Posts
    2

    Define own permission in ACL

    Hello,
    I created my own permission:
    Code:
    public class MyPermission extends BasePermission {
        
        public static final Permission ACCEPT = new RPermission(1 << 5, 'E');
    }
    When I use it like this:
    Code:
    @PreAuthorize(value = "hasPermission(#id, 'SomeObject', 32)")
    public void accept(long id) throws SpringSecurityGWTException;
    then it's fine.
    I want to use it like this:
    Code:
    @PreAuthorize(value = "hasPermission(#id, 'SomeObject', accept)")
    public void accept(long id) throws SpringSecurityGWTException;
    but then I got exceptions:
    Code:
    [INFO] Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 28): Field or property 'accept' cannot be found on object of type 'org.springframework.security.access.expression.method.MethodSecurityExpressionRoot'
    Last edited by rafalre; Nov 21st, 2010 at 12:54 PM.

  2. #2
    Luke Taylor, Senior Member, Acegi Security System Team, Spring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    You can inject a custom PermissionFactory into the AclPermissionEvaluator. Check the source for DefaultPermissionFactory.
    Spring - by Pivotal
    twitter @tekul

  3. #3
    Join Date
    Nov 2010
    Posts
    2

    Of course I created a MyPermissionFactory:
    Code:
    public class MyPermissionFactory extends DefaultPermissionFactory {
    
        public MyPermissionFactory() {
            
            registerPublicPermissions(MyPermission.class);
        }
    }
    and injected it into the AclPermissionEvaluator. When I write it like this:
    Code:
    @PreAuthorize(value =
            "hasRole('ROLE_COST')" +
            " and " +
            "hasPermission(#id, 'SomeObject', accept)")
        public void delete(long id) throws SpringSecurityGWTException;
    I got an exception (I include more details):
    Code:
    [INFO] Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 28): Field or property 'accept' cannot be found on object of type 'org.springframework.security.access.expression.method.MethodSecurityExpressionRoot'
    [INFO] 	at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:206)
    [INFO] 	at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:71)
    [INFO] 	at org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:60)
    [INFO] 	at org.springframework.expression.spel.ast.OpAnd.getValueInternal(OpAnd.java:60)
    [INFO] 	at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102)
    [INFO] 	at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:97)
    [INFO] 	at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11)
    [INFO] 	... 43 more
    I debugged the evaluation of the expression
    Code:
    "hasRole('ROLE_WYDATEK')" +
    " and " +
    "hasPermission(#idWydatku, 'pl.rafalre.model.dto.WydatekDTO', accept)"
    and I see that a getter or field (getAccept, isAccept or accept) must exist in MethodSecurityExpressionRoot, unless I have got it wrong?

  4. #4
    Join Date
    Jan 2011
    Posts
    4

    I think you need to put the permission name in quotes. I created a static permission called EDIT_ROLES, then used the expression

    Code:
    hasPermission(#user, 'edit_roles')
    and it worked without problems (the custom PermissionFactory had to be set for the permission evaluator of course).
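
Added example, not code from any poster in this thread or from the Spring Security project: it puts the pieces from posts #2 to #4 together, wiring a custom PermissionFactory into the AclPermissionEvaluator and showing the lookups that an integer and a quoted string argument to hasPermission go through. The class name CustomPermissionExample, its helper methods and the MyPermission constructor are assumptions made for this illustration; it needs spring-security-acl on the classpath.

```java
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.acls.AclPermissionEvaluator;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.DefaultPermissionFactory;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.acls.model.Permission;

public class CustomPermissionExample {

    // Custom permission on the first bit BasePermission leaves free (its constants use bits 0-4).
    public static class MyPermission extends BasePermission {
        public static final Permission ACCEPT = new MyPermission(1 << 5, 'E');

        protected MyPermission(int mask, char code) {
            super(mask, code);
        }
    }

    // Registers each public static Permission field, inherited ones included, under its field name.
    static PermissionFactory permissionFactory() {
        return new DefaultPermissionFactory(MyPermission.class);
    }

    // Expression handler whose hasPermission(...) resolves permissions through the custom factory.
    static DefaultMethodSecurityExpressionHandler expressionHandler(AclService aclService) {
        AclPermissionEvaluator evaluator = new AclPermissionEvaluator(aclService);
        evaluator.setPermissionFactory(permissionFactory());
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        handler.setPermissionEvaluator(evaluator);
        return handler;
    }

    public static void main(String[] args) {
        PermissionFactory factory = permissionFactory();
        // hasPermission(#id, 'SomeObject', 32): an Integer argument is looked up by mask.
        System.out.println(factory.buildFromMask(32).getMask());
        // hasPermission(#id, 'SomeObject', 'ACCEPT'): a String argument is looked up by field name.
        System.out.println(factory.buildFromName("ACCEPT").getMask());
        // The factory's names are case-sensitive; AclPermissionEvaluator retries with the
        // upper-cased string, so a quoted 'accept' still resolves to ACCEPT.
        try {
            factory.buildFromName("accept");
        } catch (IllegalArgumentException unknownName) {
            System.out.println(factory.buildFromName("accept".toUpperCase()).getMask());
        }
    }
}
```

An unquoted accept never reaches this lookup: SpEL treats it as a property of the expression root object, which is the EL1008E error in posts #1 and #3.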
