Are multiple roles allowed in the @Secured annotation with 'or' condition in Spring Security

Question

I am using spring and spring security 4 in my project. I have to call my dao method with ROLE_USER or ROLE_TIMER_TASK.

Currently I am using this annotation -

<

Answer 1

To call the method by any of the role mentioned use:

@PreAuthorize("hasAnyRole('ROLE_USER','ROLE_TIMER_TASK')")

and enable pre- and post- annotations in security Class :

@EnableGlobalMethodSecurity(prePostEnabled = true)