Home/ Questions/Q 6622127
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T21:21:59+00:00

In Spring 3, is there a method that accepts a comma-separated list of permissions

  • 0

In Spring 3, is there a method that accepts a comma-separated list of permissions and returns a Boolean of whether the logged in user has any of those permissions? I envision doing something like:

if(loggedInUserHasAnyOfThesePermissions("PERMISSION_READ,PERMISSION_EDIT")){
    //do stuff
}

Currently, since don’t know of any such built-in method, I’m doing this:

Set<String> permissions = new HashSet();
for (GrantedAuthority auth : SecurityContextHolder.getContext().getAuthentication().getAuthorities()) {
    permissions.add(auth.getAuthority());
}

if (permissions.contains("PERMISSION_READ") || permissions.contains("PERMISSION_EDIT")) {
    //do stuff
}

I’ve searched for hours and haven’t found a more concise and elegant way of doing this, but one must exist. Thanks for your help!

P.S. I’m already familiar with how to handle permissions in JSP like this: ( how to conditionally show jsp content to logged in users with Spring security ) But what I need now is a way to check within the controller.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I ended up coding my own class: MyUserDetails class has various methods including one that iterates over roles and permissions to see all the permissions that a user has, such as:

    for (Permission permission : role.getPermissions()) {
          permissions.add(new GrantedAuthorityImpl(permission.getName()));
        }

    It’s pretty ugly, but I don’t have a better way yet.

    I use it by doing something like:

    MyUser loggedInUser = myUserDAO.getByUsername(principal.getName());
MyUserDetails loggedInUserUD = new MyUserDetails(loggedInUser);
if (loggedInUserUD.hasAnyPermission("perm1, perm2")){
//do stuff
}
    • 0