- I want to make method level security for my spring application.
- The security design is as follows: User > Roles > Permissions
- Well when i use
@PreAuthorizewithhasRoleit works fine. - But when i try to use it with
hasPermission, it doesn’t work. - I found that i should use Spring ACL for such approach, but it seems to be over-killing for the requirement.
- So is there’s any way to define role permissions in xml file, or any other workarounds or other ways to get method level security works with permissions instead of roles, and withour using ACL.
- If there’s no way but to use ACL, then please suggest me a good example
I want to make method level security for my spring application. The security design
Share
Please read the article on the following site:
http://springinpractice.com/2010/10/27/quick-tip-spring-security-role-based-authorization-and-permissions/
The main thing is you will need to implement the UserDetails interface. It says
“the UserDetails interface simply exposes the permissions (not the roles) via the getAuthorities() method”