Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <security:http auto-config="true" use-expressions="true" ...>
- ...
- <security:intercept-url pattern="/forAll/**" access="permitAll" />
- <security:intercept-url pattern="/**" access="isAuthenticated()" />
- </security:http>
- @Secured("ROLE_ADMIN")
- @RequestMapping(params = "onlyForAdmins")
- public ModelAndView onlyForAdmins() {
- ....
- }
- @PreAuthorize("isAuthenticated()")
- @RequestMapping(params = "onlyForAuthenticated")
- public ModelAndView onlyForAuthenticatedUsers() {
- ....
- }
- SecurityContextHilder.getContext().getAuthentication() != null &&
- SecurityContextHilder.getContext().getAuthentication().isAuthenticated()
- public class MyCustomWebSecurityExpressionRoot
- extends WebSecurityExpressionRoot {
- public MyCustomWebSecurityExpressionRoot(Authentication a,
- FilterInvocation f) {
- super(a, f);
- }
- /** That method is the one that does the expression evaluation! */
- public boolean myCustomAuthenticatedExpression() {
- return super.request.getSession().getValue("myFlag") != null;
- }
- }
- public class MyCustomWebSecurityExpressionHandler
- extends DefaultWebSecurityExpressionHandler {
- @Override
- public EvaluationContext createEvaluationContext(Authentication a,
- FilterInvocation f) {
- StandardEvaluationContext ctx =
- (StandardEvaluationContext) super.createEvaluationContext(a, f);
- WebSecurityExpressionRoot myRoot =
- new MyCustomWebSecurityExpressionRoot(a, f);
- ctx.setRootObject(myRoot);
- return ctx;
- }
- }
- <bean class="MyCustomWebSecurityExpressionHandler"
- id="myCustomWebSecurityExpressionHandler" />
- <bean class="org.springframework.security.web.access.expression.WebExpressionVoter"
- id="expressionVoter">
- <property name="expressionHandler"
- ref="myCustomWebSecurityExpressionHandler" />
- </bean>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement