开发者

Spring security - How to assign security roles to small groups?

开发者 https://www.devze.com 2023-02-12 04:01 出处：网络

I\'m using spring security and have wired it successfully to authenticate users based on roles defined in the authorites table.

相关专题：spring-security

I'm using spring security and have wired it successfully to authenticate users based on roles defined in the authorites table.

I've then protected my resources using AOP e开发者_如何转开发g.

<security:global-method-security >
        <security:protect-pointcut expression="execution(* com.test.testService.*(..))" access="IS_AUTHENTICATED_REMEMBERED"/>
</security:global-method-security>

all is well.

But I'd like to be able to use spring security to secure a users access to a particular articles editing rights. There is a boolean flag on a record a user created and only they should be able to access it otherwise a spring security exception should be thrown.

Any help is very much appreciated.

I think @PreAuthorize annotation may work for you. It takes Spring EL and you can provide access based on a property in principal. Please see What's the difference between @Secured and @PreAuthorize in spring secu 3 ?.