Home/ Questions/Q 7679933
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T17:59:34+00:00

I am new to Spring Security. I have been working on creating a custom

  • 0

I am new to Spring Security. I have been working on creating a custom voter that will decide whether to grant permission or not based on the value of an attribute of the object. That is, if object instance A has attribute X with value i, user with ROLE_MGR has access. If object instance B has value j in the X attribute, then ROLE_MGR does not have access. is it possible to do that and if so, what do I need to do? if this is not possible we may decide not to use Spring Security.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I figured it out. I need to use a custom permission evaluator. The snippets from my code are provided below for anyone that might be trying to do something similar:

    security.xml

    <security:global-method-security
    pre-post-annotations="enabled">
    <security:expression-handler ref="expressionHandler" />
</security:global-method-security>

<bean id="expressionHandler"
    class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
    <property name="permissionEvaluator">
        <bean id="permissionEvaluator"
            class="org.krams.tutorial.infrastructure.SomePermissionsEvaluator" />
    </property>
</bean>

    Service Interface
    @PostFilter(“hasPermission(filterObject, ‘READ’)”)
    public List getAll();

    Custom Permissions Evaluator

    @Override
public boolean hasPermission(Authentication authorities,
        Object targetDomainObject, Object permission) {

    boolean Decision = false;
    System.out.println("Initial Decision: " + Decision);

    Date cutoffDate = null;
    try {
        cutoffDate = new SimpleDateFormat("MMMM d, yyyy", Locale.ENGLISH)
                .parse("January 1, 2012");
        System.out.println("Cutoff Date: " + cutoffDate.toString());
    } catch (ParseException e) {
        e.printStackTrace();
    }

    System.out.println("Domain Object Date: "
            + Post.class.cast(targetDomainObject).getDate());

    if (Post.class.cast(targetDomainObject).getDate().before(cutoffDate)) {
        Decision = false;
        System.out.println("In before");
    } else {
        Decision = true;
        System.out.println("In after");
    }
    System.out.println("Final Decision: " + Decision);
    System.out.println("--------");
    return Decision;
}
    • 0