
  • Define own permission in ACL

    Hello,
    I created my own permission:
    Code:
    public class MyPermission extends BasePermission {
        
        public static final Permission ACCEPT = new RPermission(1 << 5, 'E');
    }
    When I use it like this:
    Code:
    @PreAuthorize(value = "hasPermission(#id, 'SomeObject', 32)")
    public void accept(long id) throws SpringSecurityGWTException;
    then it's fine
    I want to use it like this:
    Code:
    @PreAuthorize(value = "hasPermission(#id, 'SomeObject', accept)")
    public void accept(long id) throws SpringSecurityGWTException;
    but then I got exceptions:
    Code:
    [INFO] Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 28): Field or property 'accept' cannot be found on object of type 'org.springframework.security.access.expression.method.MethodSecurityExpressionRoot'
    Last edited by rafalre; Nov 21st, 2010, 12:54 PM.

  • #2
    You can inject a custom PermissionFactory into the AclPermissionEvaluator. Check the source for DefaultPermissionFactory.


    • #3
      Of course I created a MyPermissionFactory:
      Code:
      public class MyPermissionFactory extends DefaultPermissionFactory {
      
          public MyPermissionFactory() {
              
              registerPublicPermissions(MyPermission.class);
          }
      }
      and injected it into the AclPermissionEvaluator. When I write it like this:
      Code:
      @PreAuthorize(value =
              "hasRole('ROLE_COST')" +
              " and " +
              "hasPermission(#id, 'SomeObject', accept)")
      public void delete(long id) throws SpringSecurityGWTException;
      I get an exception (I include more details):
      Code:
      [INFO] Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 28): Field or property 'accept' cannot be found on object of type 'org.springframework.security.access.expression.method.MethodSecurityExpressionRoot'
      [INFO] 	at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:206)
      [INFO] 	at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:71)
      [INFO] 	at org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:60)
      [INFO] 	at org.springframework.expression.spel.ast.OpAnd.getValueInternal(OpAnd.java:60)
      [INFO] 	at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102)
      [INFO] 	at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:97)
      [INFO] 	at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11)
      [INFO] 	... 43 more
      I debugged the evaluation of the expression
      Code:
      "hasRole('ROLE_WYDATEK')" +
      " and " +
      "hasPermission(#idWydatku, 'pl.rafalre.model.dto.WydatekDTO', accept)"
      and I see that a getter or field (getAccept, isAccept or accept) must exist in MethodSecurityExpressionRoot, unless I have it wrong?


      • #4
        I think you need to put the permission name in quotes. I created a static permission called EDIT_ROLES, then used the expression

        Code:
        hasPermission(#user, 'edit_roles')
        and it worked without problems (the custom PermissionFactory had to be set for the permission evaluator of course).

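
The difference between the unquoted and quoted permission argument discussed in this thread, as an added example that is not part of any post: unquoted `accept` is evaluated by SpEL as a property of the root object, while `'accept'` is a string that a permission factory can resolve by name. The names `CustomPermissionDemo` and `Root` are assumptions (`Root` stands in for `MethodSecurityExpressionRoot`), and spring-expression and spring-security-acl are assumed to be on the classpath.

```java
import java.util.Locale;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.DefaultPermissionFactory;
import org.springframework.security.acls.model.Permission;

public class CustomPermissionDemo {

    // Custom permission on bit 5 (mask 32), as in the thread. The class is public
    // so that the factory's reflective read of the static field is allowed.
    public static class MyPermission extends BasePermission {
        public static final Permission ACCEPT = new MyPermission(1 << 5, 'E');
        protected MyPermission(int mask, char code) { super(mask, code); }
    }

    // Registers the public static Permission fields of MyPermission under their field names.
    public static class MyPermissionFactory extends DefaultPermissionFactory {
        public MyPermissionFactory() { registerPublicPermissions(MyPermission.class); }
    }

    // Hypothetical stand-in for MethodSecurityExpressionRoot: it has no 'accept' property.
    public static class Root { }

    public static void main(String[] args) {
        ExpressionParser parser = new SpelExpressionParser();
        Root root = new Root();

        // Unquoted: SpEL looks for a field or getter named 'accept' on the root object.
        try {
            parser.parseExpression("accept").getValue(root);
        } catch (SpelEvaluationException e) {
            System.out.println("unquoted -> " + e.getMessage());
        }

        // Quoted: the argument is an ordinary String literal.
        String name = parser.parseExpression("'accept'").getValue(root, String.class);

        MyPermissionFactory factory = new MyPermissionFactory();
        // Upper-cased by hand here so the name matches the registered field name ACCEPT.
        Permission byName = factory.buildFromName(name.toUpperCase(Locale.ENGLISH));
        Permission byMask = factory.buildFromMask(32);
        System.out.println("by name -> " + byName);
        System.out.println("same instance as mask 32: " + (byName == byMask));
    }
}
```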