Reputation: 1455
Spring security - How to assign security roles to small groups?
I'm using spring security and have wired it successfully to authenticate users based on roles defined in the authorites table.
I've then protected my resources using AOP eg.
<security:global-method-security >
<security:protect-pointcut expression="execution(* com.test.testService.*(..))" access="IS_AUTHENTICATED_REMEMBERED"/>
</security:global-method-security>
all is well.
But I'd like to be able to use spring security to secure a users access to a particular articles editing rights. There is a boolean flag on a record a user created and only they should be able to access it otherwise a spring security exception should be thrown.
Any help is very much appreciated.
Upvotes: 1
Views: 758
Answers (1)
Reputation: 7522
I think @PreAuthorize annotation may work for you. It takes Spring EL and you can provide access based on a property in principal. Please see What's the difference between @Secured and @PreAuthorize in spring secu 3 ?.
Upvotes: 2
Related Questions
- Spring Security with roles and permissions
- java spring : how can I separate user roles and authorities?
- Best way to implement authorization per group in spring security
- Group and acl on Spring Security
- Spring security access with multiple roles
- Spring security roles and permissions
- Spring security role assignment
- how to use spring security for user role management?
- Spring security roles
- Spring Security Access role