Spring security - How to assign security roles to small groups?

Question

I'm using spring security and have wired it successfully to authenticate users based on roles defined in the authorites table.

I've then protected my resources using AOP eg.

<security:global-method-security >
        <security:protect-pointcut expression="execution(* com.test.testService.*(..))" access="IS_AUTHENTICATED_REMEMBERED"/>
</security:global-method-security>

all is well.

But I'd like to be able to use spring security to secure a users access to a particular articles editing rights. There is a boolean flag on a record a user created and only they should be able to access it otherwise a spring security exception should be thrown.

Any help is very much appreciated.

score 2 · Accepted Answer · edited May 23 '17 at 10:24

2

I think @PreAuthorize annotation may work for you. It takes Spring EL and you can provide access based on a property in principal. Please see What's the difference between @Secured and @PreAuthorize in spring secu 3 ?.

edited May 23 '17 at 10:24

Community

1
1

answered Feb 21 '11 at 21:11

Ritesh

7,322
2
38
42

Thanks Ritesh. I shall try this and report back. – jaseFace Feb 22 '11 at 14:13

Spring security - How to assign security roles to small groups?

1 Answers1