Spring security - How to assign security roles to small groups?

I'm using spring security and have wired it successfully to authenticate users based on roles defined in the authorites table.

I've then protected my resources using AOP e开发者_如何转开发g.

<security:global-method-security >
        <security:protect-pointcut expression="execution(* com.test.testService.*(..))" access="IS_AUTHENTICATED_REMEMBERED"/>
</security:global-method-security>

all is well.

But I'd like to be able to use spring security to secure a users access to a particular articles editing rights. There is a boolean flag on a record a user created and only they should be able to access it otherwise a spring security exception should be thrown.

Any help is very much appreciated.

I think @PreAuthorize annotation may work for you. It takes Spring EL and you can provide access based on a property in principal. Please see What's the difference between @Secured and @PreAuthorize in spring secu 3 ?.