I'm using spring security and have wired it successfully to authenticate users based on roles defined in the authorites table.
I've then protected my resources using AOP e开发者_如何转开发g.
<security:global-method-security >
<security:protect-pointcut expression="execution(* com.test.testService.*(..))" access="IS_AUTHENTICATED_REMEMBERED"/>
</security:global-method-security>
all is well.
But I'd like to be able to use spring security to secure a users access to a particular articles editing rights. There is a boolean flag on a record a user created and only they should be able to access it otherwise a spring security exception should be thrown.
Any help is very much appreciated.
I think @PreAuthorize annotation may work for you. It takes Spring EL and you can provide access based on a property in principal. Please see What's the difference between @Secured and @PreAuthorize in spring secu 3 ?.
精彩评论