Announcement Announcement Module
No announcement yet.
sec:accesscontrollist hasPermission only support single permission and name based Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • sec:accesscontrollist hasPermission only support single permission and name based

    In the spring security documentation section 20.4 mentioned that
    <sec:accesscontrollist hasPermission="1,2" domainObject="${someObject}">
    This will be shown if the user has either of the permissions 
    represented by the values "1" or "2" on the given object.
    When I tested, it doesn't even work with integer value. It only works if the value is the name of the permission (e.g: ADMINISTRATION, WRITE, READ, etc). More over, it does not support multiple permissions. It boils down to, particularly in the following line
     if (permissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(),
                    domainObject, hasPermission)) {
                return evalBody();
    which does not parse each individual permission before passing to the permissionEvaluator.

    I might be missing something here, but does anyone encountering something like this?

  • #2
    I just encountered the same problem. We currently use Spring 3.0.5 and Spring Security 3.0.5. I upgraded 3.1.2 and 3.1.1, respectively, and received error messages complaining about both comma-delimited permission names, and integer masks. I don't have any suggestion for a fix, but the behavior is unexpected.


    • #3
      I logged SEC-2022 and SEC-2023. In the meantime you can either decorate your PermissionEvaluator interface or use the following:

      <security:authorize access="hasPermission(#object,'READ') and hasPermission(#object,'WRITE')">
      <security:authorize access="hasPermission(#object,1) and hasPermission(#object,2)">


      • #4
        Thanks for the quick response & fix!


        • #5
          This has been my need to answer, today was finally discovered, thanks for your sharing, is really a good article.