Reputation: 372
How does Spring Security check @PreAuthorize and how does it call hasAuthority() method?
When I use Spring Security I found @PreAuthorize("hasAuthority('authority_name')")
How does Spring Security check @PreAuthorize and how does it call hasAuthority() method?
Upvotes: 1
Views: 1863
Answers (1)
Reputation: 120851
Spring Security (@PreAuthorize) use a SPEL (Spring Expression Language) expression that invoke an Object returned from a MethodSecurityExpressionHandler.
The default implementation for
MethodSecurityExpressionHandler is DefaultMethodSecurityExpressionHandler. It create an instance of MethodSecurityExpressionRoot and then process the SPEL expression on it.
MethodSecurityExpressionRoot extends SecurityExpressionRoot, and that provides the hasAuthority method, that bekome invoked when you use it in a @PreAuthorize Annotation.
Upvotes: 1
Related Questions
- How does Spring Security hasRole with PreAuthorize works under the hood?
- Security config when using @PreAuthorize
- Can anyone give an insight to how the @PreAuthorize annotation works?
- Can Spring Security use @PreAuthorize on Spring controllers methods?
- Spring security - @PreAuthorize not working
- With which methods does @Secured and @PreAuthorize annotation work?
- Spring security use of @PreAuthorize
- From where hasRole from @PreAuthorize take its values in Spring?
- Spring Security: @PreAuthorized("hasAuthority()") Not Being Checked
- Spring Security: Unsure of pre-authentication method