How to create security anotation like spring security

i wonder how to create security a开发者_运维问答nnotation like spring security does (@PreAuthorized or @Secured) that will check session than do something to decide how application will threat the authority to log on user.

is any resource i can read or any recommendation?

best regards

ps: for some reason, i cannot use spring security

The technique behind these annotations is called Aspect Oriented Programming (AOP).

Spring Security relies on Spring AOP, which allows you to intercept particular method calls on Spring-managed object, so that you can apply security checks to them.

See Aspect Oriented Programming with Spring. Alternatively, if you want to do it without Spring, see standalone AOP implementations such as AspectJ.

The best tutorial for 'how does Spring Security work' is 'the source of Spring Security'. It is open source. You can read it. Honestly, the question as posed is much to broad to allow for much more of an answer.