I am using Spring and Spring Security 4 in my project. I have to call my DAO method with ROLE_USER or ROLE_TIMER_TASK.
Currently I am using this annotation -
In addition to the previous answer by holmis83...
To enable pre- and post-annotations for method security:
Java Config:
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig {
    // ...
}
Xml Config:
<global-method-security pre-post-annotations="enabled"/>
For "or", use a @PreAuthorize annotation instead:
@PreAuthorize("hasRole('ROLE_USER') or hasRole('ROLE_TIMER_TASK')")
In Spring Security version 4 the ROLE_ prefix can be omitted:
@PreAuthorize("hasRole('USER') or hasRole('TIMER_TASK')")
Make sure you have pre- and post-annotations enabled in your security config.
To call the method with any of the roles mentioned, use:
@PreAuthorize("hasAnyRole('ROLE_USER','ROLE_TIMER_TASK')")
and enable pre- and post-annotations in the security class:
@EnableGlobalMethodSecurity(prePostEnabled = true)
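
An added example, not part of the original answers: a stand-alone check that the annotation from the answers admits either role and denies anything else, including how a timer task with no web request can carry ROLE_TIMER_TASK. The names `MethodSecurityDemo`, `ReportDao`, `Config` and `callAs` are hypothetical; it assumes spring-context, spring-aop and spring-security-config 4.x on the classpath.

```java
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;

public class MethodSecurityDemo {

    // Hypothetical DAO. The check is enforced by the proxy Spring wraps around the bean,
    // so it only applies to calls made through the bean obtained from the context.
    public static class ReportDao {
        @PreAuthorize("hasAnyRole('USER','TIMER_TASK')")
        public String load() { return "rows"; }
    }

    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public static class Config {
        @Bean public ReportDao reportDao() { return new ReportDao(); }
    }

    // Calls the DAO as a principal holding exactly one authority.
    // A timer task would set ROLE_TIMER_TASK this way before calling the DAO.
    static String callAs(ReportDao dao, String authority) {
        SecurityContextHolder.getContext().setAuthentication(
            new UsernamePasswordAuthenticationToken("demo", "n/a",
                AuthorityUtils.createAuthorityList(authority)));
        try {
            return dao.load();
        } catch (AccessDeniedException e) {
            return "denied";
        } finally {
            // Always clear, so the identity does not leak to the next task on a pooled thread.
            SecurityContextHolder.clearContext();
        }
    }

    public static void main(String[] args) {
        try (AnnotationConfigApplicationContext ctx =
                 new AnnotationConfigApplicationContext(Config.class)) {
            ReportDao dao = ctx.getBean(ReportDao.class);
            System.out.println(callAs(dao, "ROLE_USER"));
            System.out.println(callAs(dao, "ROLE_TIMER_TASK"));
            System.out.println(callAs(dao, "ROLE_ADMIN"));
        }
    }
}
```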