I showed you how to provide basic security in Spring MVC with intercept-url patterns in an earlier post. With that knowledge, let's see how to provide method-level security.
This can be achieved with the @PreAuthorize annotation. First you need to enable it by adding the following line to your dispatcher servlet configuration.
<global-method-security pre-post-annotations="enabled" />
Then you can use the @PreAuthorize annotation.
e.g.: @PreAuthorize("isAuthenticated() and hasRole('ROLE_ADMIN')")
In the above example the method is allowed to execute if the user is authenticated and has the ROLE_ADMIN role.
However, you can use the @Secured annotation as well. For that you need to add the following line to your dispatcher servlet configuration.
<global-method-security secured-annotations="enabled" />
However, the first method gives you more flexibility in handling permissions, as it is based on expressions.
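The two annotations side by side on one service, as an added example that is not code from the original post. The class AccountService, its methods and its in-memory data are hypothetical; the last method shows a rule that only the expression-based annotation can express.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;

// Hypothetical service for illustration; names and sample data are assumptions.
@Service
public class AccountService {

    // Constructed in-memory store: username -> profile text.
    private final Map<String, String> profiles = new ConcurrentHashMap<>();

    public AccountService() {
        profiles.put("alice", "Alice (administrator)");
        profiles.put("bob", "Bob (regular user)");
    }

    // The rule from the post: caller must be authenticated AND hold ROLE_ADMIN.
    // Active only with <global-method-security pre-post-annotations="enabled" />.
    @PreAuthorize("isAuthenticated() and hasRole('ROLE_ADMIN')")
    public void deleteAccount(String username) {
        profiles.remove(username);
    }

    // Plain role check: passes if the caller holds any one of the listed roles.
    // Active only with <global-method-security secured-annotations="enabled" />.
    @Secured("ROLE_ADMIN")
    public List<String> listAccounts() {
        return new ArrayList<>(profiles.keySet());
    }

    // Expression-only rule: an admin may read any profile, everyone else only
    // their own. #username is the method argument (resolved from compiled
    // parameter names); authentication.name is the logged-in user's name.
    // @Secured cannot express this because it only accepts role names.
    @PreAuthorize("hasRole('ROLE_ADMIN') or #username == authentication.name")
    public String loadProfile(String username) {
        return profiles.get(username);
    }
}
```

With Spring's default proxy-based method security, these checks run only when the method is called from another bean; a call from one AccountService method to another inside the same class is not checked.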