SEC-999: Expression language based access decision support #1250

spring-issuemaster opened this Issue Oct 2, 2008 · 4 comments




Migrated from SEC-999


Garth Dahlstrom said:

It would be really cool if we could secure method-level access by role and data ownership using a conditional role annotation.

@Secured({"ROLE_TELLER::userAuth.clientList.containsKey(arg0)" }) account readAccount(int clientId);

where userAuth is an object containing user authorizations (spring security context or something like that… I’m guessing).

I noticed there was an example relating to something like this @ :
@Secured({"ROLE_USER::authentication.principal.customerId == arg0" })
void addItem(Integer customerId, Integer itemId, Integer amount);


Luke Taylor said:

Working on web expressions and a standard way of configuring a handler/parser.


Luke Taylor said:

Closing as the basic implementation for M1 is complete. We need to add better support for plugging in extra expressions and will add other features based on feedback.
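
Added example, not part of the original thread and not the project's own code: the two role-plus-ownership checks requested above, written with the `@PreAuthorize` SpEL annotations that Spring Security 3.0 provides for method security. `AccountService`, `BankUser` and their fields are hypothetical, and the sketch assumes pre/post annotations are enabled and that an instance of `BankUser` is the authenticated principal.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.access.prepost.PreAuthorize;

/** Hypothetical service; it must be a Spring bean so calls pass through the security proxy. */
public class AccountService {

    /** Hypothetical principal: the object authentication.getPrincipal() returns after login. */
    public static class BankUser {
        private final Integer customerId;
        private final Map<Integer, String> clientList; // clients this teller may serve

        public BankUser(Integer customerId, Map<Integer, String> clientList) {
            this.customerId = customerId;
            this.clientList = clientList;
        }
        public Integer getCustomerId() { return customerId; }
        public Map<Integer, String> getClientList() { return clientList; }
    }

    private final Map<Integer, String> accounts = new ConcurrentHashMap<>();
    private final Map<Integer, Map<Integer, Integer>> baskets = new ConcurrentHashMap<>();

    // Role AND ownership, evaluated before the body runs. If the expression is
    // false an AccessDeniedException is thrown and the account is never read.
    // "#clientId" resolves by parameter name, so the class must be compiled
    // with parameter names available (debug info or -parameters).
    @PreAuthorize("hasRole('ROLE_TELLER') and principal.clientList.containsKey(#clientId)")
    public String readAccount(int clientId) {
        return accounts.get(clientId);
    }

    // Same ownership test as the second snippet in the request. SpEL compares
    // the two Integer values numerically, not by object reference.
    @PreAuthorize("hasRole('ROLE_USER') and authentication.principal.customerId == #customerId")
    public void addItem(Integer customerId, Integer itemId, Integer amount) {
        baskets.computeIfAbsent(customerId, id -> new ConcurrentHashMap<>())
               .merge(itemId, amount, Integer::sum);
    }
}
```

Because the ownership test reads the ID from the authenticated principal and compares it with the method argument, a caller holding the right role but passing someone else's ID is rejected before any data access happens.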

spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016

This issue supersedes #1243
This issue supersedes #534
