Spring Security Meta Annotation
Is it possible to build Meta Annotations of Spring Security @PreAuthorize like for @Component or @Qualifier?
What I want to do is replace @PreAuthorize("hasRole('ADMIN')") by a shortcut like @IsAdmin. But I did not find any hint in the documentation.
This works at least with Spring Security 3.0.2.RELEASE:
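import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.security.access.prepost.PreAuthorize;
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@PreAuthorize("hasRole('ADMIN')")
public @interface IsAdmin
{
}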
Yes, it's documented in the official documentation (Spring Security 5.1): see Method Security Meta Annotations
Example provided:
@Retention(RetentionPolicy.RUNTIME)
@PreAuthorize("#contact.name == authentication.name")
public @interface ContactPermission {}
esaj's example is correct:
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@PreAuthorize("hasRole('ADMIN')")
public @interface IsAdmin
{
}
However, for some strange undocumented reason, this will not work in my Spring Boot (version 2.1.2.RELEASE) project without the proxyTargetClass option turned on in the configuration, like so:
@EnableGlobalMethodSecurity(
    prePostEnabled = true,
    proxyTargetClass = true
)
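An added example, not part of any answer above: a small audit that resolves the effective @PreAuthorize expression for each public method of a class, following shortcuts such as @IsAdmin through Spring's AnnotationUtils.findAnnotation, and flags methods with no guard. ReportService and MetaAnnotationAudit are hypothetical names constructed for this example; spring-core and spring-security-core are assumed to be on the classpath.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Map;
import java.util.TreeMap;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.access.prepost.PreAuthorize;

public class MetaAnnotationAudit {

    // The shortcut from the answers above. RUNTIME retention is what makes it visible to reflection.
    @Target(ElementType.METHOD)
    @Retention(RetentionPolicy.RUNTIME)
    @PreAuthorize("hasRole('ADMIN')")
    public @interface IsAdmin {}

    // Constructed sample service (hypothetical), with one guard of each kind.
    static class ReportService {
        @IsAdmin
        public void deleteAll() {}

        @PreAuthorize("isAuthenticated()")
        public String read(long id) { return "report " + id; }

        public void export() {} // no guard at all
    }

    /** Maps each public method name to its effective @PreAuthorize expression, or "UNGUARDED". */
    static Map<String, String> audit(Class<?> type) {
        Map<String, String> result = new TreeMap<>();
        // A class-level @PreAuthorize (direct or via a meta-annotation) is the fallback guard.
        PreAuthorize typeGuard = AnnotationUtils.findAnnotation(type, PreAuthorize.class);
        for (Method m : type.getDeclaredMethods()) {
            if (!Modifier.isPublic(m.getModifiers()) || m.isSynthetic()) continue;
            // findAnnotation also searches meta-annotations, so @IsAdmin resolves to its @PreAuthorize.
            PreAuthorize guard = AnnotationUtils.findAnnotation(m, PreAuthorize.class);
            if (guard == null) guard = typeGuard;
            result.put(m.getName(), guard == null ? "UNGUARDED" : guard.value());
        }
        return result;
    }

    public static void main(String[] args) {
        audit(ReportService.class).forEach((name, expr) -> System.out.println(name + " -> " + expr));
    }
}
```

This only confirms that the annotation resolves; whether the guard is enforced at call time depends on the bean being proxied with method security enabled, which an integration test with a non-admin user should verify separately.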