Home/ Questions/Q 7428393
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T08:44:20+00:00

For example: @PreAuthorize(hasRole(‘admin’) && hasPermission(‘save’, #user)) void updateUser(User user) { // some code }

  • 0

For example:

@PreAuthorize("hasRole('admin') && hasPermission('save', #user)")
void updateUser(User user) {
  // some code
}

And some example implementation without PreAuthorize.

void updateUser(User user) {
  Security.hasRole(Roles.ADMIN);
  Security.hasPermission(Permission.SAVE, user);
  // some code
}

The second example is more easy to understand. Can be refactored by IDE (rename role, or find all role usages). Code check at compile time. Work more fast. And may other advantages.

Why spring-security developers chose annotations and SpEL? Can some-one explain it?

Only one reason what i can find – more easy access to ApplicationContext. But as far as i can see, spring security any way work through SecurityContextHolder singleton.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The most advantage (from my point of view) is, that it can be easily deactivated (or more correct, not activated) in test.

    So I can write my tests (unit test, functional test, …) without paying any attention to the security stuff. So that the tests can concentrate on the function they want to test.

    Of course this is also possible with the “explicit” version (second example), but then I need to take care about it in the test, that would make the tests longer (more code) and also means more stuff to maintain.

    • 0