Reputation: 18133
We're using Spring Security to secure our controller methods. Let's say I've got a controller that allows me to edit Foo.
@Controller
@Secured({"FOO_ADMINISTRATOR"})
public class FooEditorController {
...
}
Now I need to add a menu to my UI that lets the user access the Foo Editor. But I only want to present that menu option to users with permission to access the FooEditorController. Further, I would like to keep the information in exactly one place if possible. That is, when I specify that the menu option for the Foo Editor is limited to those with the FOO_ADMINISTRATOR role, I'd like to simply query the FooEditorController and ask it what roles are required. That way, this information is defined in one place.
(I've tried creating arrays of roles and using those in both places, but the @Secured annotation doesn't allow this. @Secured requires an array initializer.)
Or perhaps there's a much better way of tackling this problem?
Upvotes: 1
Views: 187
Reputation: 34776
If you want to access the roles specified in a @Secured annotation (or values specified in any annotation for that matter), you can use reflection to achieve that:
String[] roles = FooEditorController.class.getAnnotation(Secured.class).value();
Upvotes: 1
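An added example, not part of the question or answer above: the reflection lookup turned into a menu-visibility check that handles a missing annotation and hides the entry unless the current user holds one of the declared roles. The class `MenuVisibility`, its methods `requiredRoles` and `showMenuFor`, the nested stand-in controllers and the user "alice" are hypothetical names constructed for illustration; it assumes spring-core and spring-security-core are on the classpath.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;

import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

public class MenuVisibility {

    // Stand-in for the controller from the question (constructed for this example).
    @Secured({"FOO_ADMINISTRATOR"})
    static class FooEditorController { }

    // Constructed: a class that carries no @Secured annotation at all.
    static class UnannotatedController { }

    /** Roles declared by @Secured on the class; empty set if the annotation is absent. */
    static Set<String> requiredRoles(Class<?> controller) {
        // findAnnotation also searches superclasses and interfaces and returns null
        // when nothing is found, where chaining .value() directly would throw.
        Secured secured = AnnotationUtils.findAnnotation(controller, Secured.class);
        if (secured == null) return Set.of();
        return Arrays.stream(secured.value()).collect(Collectors.toSet());
    }

    /** Fail closed: show the entry only if the user holds one of the declared roles. */
    static boolean showMenuFor(Class<?> controller) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) return false;
        Set<String> granted = auth.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority).collect(Collectors.toSet());
        return requiredRoles(controller).stream().anyMatch(granted::contains);
    }

    public static void main(String[] args) {
        // Constructed test user holding the role from the question.
        SecurityContextHolder.getContext().setAuthentication(
                new TestingAuthenticationToken("alice", "n/a", "FOO_ADMINISTRATOR"));
        System.out.println(showMenuFor(FooEditorController.class));
        System.out.println(showMenuFor(UnannotatedController.class));
    }
}
```

The menu check only controls what is displayed; the `@Secured` annotation on the controller remains the access control, so a hidden entry and an enforced endpoint both read from the same declaration.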