Announcement Announcement Module
No announcement yet.
Custom PermissionEvaluator and other issues Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Custom PermissionEvaluator and other issues

    Hi, I am new to Spring and Spring Security. Can somebody please help out with the issue below?

    I have implemented a custom PermissionEvaluator by implementing hasPermission(Authentication authentication, Object targetDomainObject, Object permission). It is not using ACL and internally uses our own data security model. Everything is working as expected. However, I am not sure how to make the overloaded method work:

    hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission)

    I initially thought I could use this in scenarios as mentioned in documentation - i.e. when the object is not loaded, but there is enough information about the type and the primary key - but I could not make it work using Expression Language. Is it possible to hook this implementation to some kind of EL based-check that takes in an object type and identifier? I want to use it the same way as the other hasPermission method - to protect methods using PreAuthorize EL expression.

    Thanks a lot,

  • #2

    My bad. This is resolved now... I was using a wrong EL. It does work if the EL has the additional parameters passed on correctly in hasPermission.