Advertisement
Guest User

Untitled

a guest
Feb 21st, 2019
72
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.93 KB | None | 0 0
  1. <security:http auto-config="true" use-expressions="true" ...>
  2. ...
  3. <security:intercept-url pattern="/forAll/**" access="permitAll" />
  4. <security:intercept-url pattern="/**" access="isAuthenticated()" />
  5. </security:http>
  6.  
  7. @Secured("ROLE_ADMIN")
  8. @RequestMapping(params = "onlyForAdmins")
  9. public ModelAndView onlyForAdmins() {
  10. ....
  11. }
  12.  
  13. @PreAuthorize("isAuthenticated()")
  14. @RequestMapping(params = "onlyForAuthenticated")
  15. public ModelAndView onlyForAuthenticatedUsers() {
  16. ....
  17. }
  18.  
  19. SecurityContextHilder.getContext().getAuthentication() != null &&
  20. SecurityContextHilder.getContext().getAuthentication().isAuthenticated()
  21.  
  22. public class MyCustomWebSecurityExpressionRoot
  23. extends WebSecurityExpressionRoot {
  24. public MyCustomWebSecurityExpressionRoot(Authentication a,
  25. FilterInvocation f) {
  26. super(a, f);
  27. }
  28.  
  29. /** That method is the one that does the expression evaluation! */
  30. public boolean myCustomAuthenticatedExpression() {
  31. return super.request.getSession().getValue("myFlag") != null;
  32. }
  33. }
  34.  
  35. public class MyCustomWebSecurityExpressionHandler
  36. extends DefaultWebSecurityExpressionHandler {
  37.  
  38. @Override
  39. public EvaluationContext createEvaluationContext(Authentication a,
  40. FilterInvocation f) {
  41. StandardEvaluationContext ctx =
  42. (StandardEvaluationContext) super.createEvaluationContext(a, f);
  43.  
  44. WebSecurityExpressionRoot myRoot =
  45. new MyCustomWebSecurityExpressionRoot(a, f);
  46.  
  47. ctx.setRootObject(myRoot);
  48. return ctx;
  49. }
  50. }
  51.  
  52. <bean class="MyCustomWebSecurityExpressionHandler"
  53. id="myCustomWebSecurityExpressionHandler" />
  54.  
  55. <bean class="org.springframework.security.web.access.expression.WebExpressionVoter"
  56. id="expressionVoter">
  57. <property name="expressionHandler"
  58. ref="myCustomWebSecurityExpressionHandler" />
  59. </bean>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement