java - Using custom method security annotation in spring security -
i want tag methods in class custom annotation control authorization decisions using spring security. example:
@role("admin") public void accesscontrolledmethod(){} i understand means somehow need register custom annotation "role" can result in configattributes being present when authorization decision made accessdecisionmanager. however, not understand how register custom annotation spring security recognized.
i see 1 potential solution in framework code. there class called securedannotationsecuritymetadatasource documentation says "inject annotationmetadataextractor custom annotations". if preferred method, i'm not sure how configure securedannotationsecuritymetadatasource or how inject annotationmetadataextractor it.
you can extend globalmethodsecurityconfiguration in configuration :
@enableglobalmethodsecurity @configuration public class mymethodsecurityconfig extends globalmethodsecurityconfiguration { protected methodsecuritymetadatasource custommethodsecuritymetadatasource() { return securedannotationsecuritymetadatasource(...); } } in xml, can :
<global-method-security metadata-source-ref="custommethodsecuritymetadatasource"> ... </global-method-security> <bean id="custommethodsecuritymetadatasource" class="org.springframework.security.access.annotation.securedannotationsecuritymetadatasource"> ... </bean> custommethodsecuritymetadatasource can instanceof methodsecuritymetadatasource
Comments
Post a Comment