Announcement Announcement Module
Collapse
No announcement yet.
Method Security: default expression Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Method Security: default expression

    Is there possibility to set default security expression such as @PreAuthorize("hasRole('ROLE_USER')") for all methods in class or whole project?

  • #2
    You should be able to use the annotation at class level (though obviously you can't really use method parameters in that case).

    An annotation only makes sense if you add it to the source, but there are ways of applying security attributes across multiple classes. For example, you can use the protect-pointcut syntax which is provided by the namespace.

    Comment


    • #3
      does the protect-pointcut syntax supprt spring-el expressions? i am unable to get it to work ...

      HTML Code:
      	<security:global-method-security pre-post-annotations="enabled">
      		<security:protect-pointcut expression="execution(* com.acl.controllers.*Controller.*(..))"
      			access="isFullyAuthenticated()" />
      	</security:global-method-security>
      Code:
      java.lang.IllegalArgumentException: Unsupported configuration attributes: [isFullyAuthenticated()]
      	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:153)

      Comment


      • #4
        No, it only supports simple attributes.

        Comment


        • #5
          I logged a New Feature request:

          https://jira.springframework.org/browse/SEC-1663

          Thanks for replying so quickly!

          Comment

          Working...
          X