Announcement Announcement Module
Collapse
No announcement yet.
@Secured annotation conjunction Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • @Secured annotation conjunction

    Hi

    I'm using method level security through @Secured annotation, but I'm stuck with a problem. For most of the methods, if the user has one of the roles mentioned in the list he/she should be granted access, but for some methods only the user with all the roles in the list should be granted access.

    For example

    @Secured({"ROLE_TYPE1", "ROLE_TYPE2"})
    public void method1(){}

    @Secured({"ROLE_TYPE1", "ROLE_TYPE2"})
    public void method2(){}

    method1() should be accessible to user with at least one of the roles: ROLE_TYPE1 or ROLE_TYPE2
    method 2 should be accessible only to user with at least 2 roles: ROLE_TYPE1 and ROLE_TYPE2

    Is this possible in spring security?

    Thanks
    Amit Khanna

  • #2
    You could use

    Code:
    @PreAuthorize("hasAnyRole(...)")
    public void method1(){}
    
    @PreAuthorize("hasRole(...)")
    public void method2(){}
    PS: In the future please consider use code tags for making the code more readable.

    Comment

    Working...
    X