Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-999: Expression language based access decision support #1250

spring-issuemaster opened this Issue Oct 2, 2008 · 4 comments


None yet
1 participant

Migrated from SEC-999

Garth Dahlstrom said:

It would be really cool, if we could secure method level access by role and data ownership using a conditional role annotation.

@Secured({"ROLE_TELLER::userAuth.clientList.containsKey(arg0) }) account readAccount(int clientId);

where userAuth is an object containing user authorizations (spring security context or something like that… I’m guessing).

I noticed there was an example relating to something like this @ http://blog.gomilko.com/2008/01/12/acegi-conditional-roles/ :
@Secured({"ROLE_USER::authentication.principal.customerId == arg0" })
void addItem(Integer customerId, Integer itemId, Integer amount);

Luke Taylor said:

Working on web expressions and standard way of configuration a handler/parser.

Luke Taylor said:

Closing as the basic implementation for M1 is complete. We need to add better support for plugging in extra expressions and will add other features based on feedback.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016

This issue supersedes #1243
This issue supersedes #534

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment