SEC-1529: More user-friendly expressions on method annotations in EL chapter.

Luke Taylor 2010-08-05 18:14:11 +01:00
parent 413b2a06e3
commit e2ba500c3c
2 changed files with 11 additions and 10 deletions


@ -157,14 +157,15 @@
if you wanted a particular method to only allow access to a user whose username if you wanted a particular method to only allow access to a user whose username
matched that of the contact, you could write</para> matched that of the contact, you could write</para>
<programlisting> <programlisting>
@PreAuthorize("#contact.name == principal.name)") @PreAuthorize("#contact.name == authentication.name")
public void doSomething(Contact contact);</programlisting> public void doSomething(Contact contact);</programlisting>
<para>Here we are accessing another builtin expression, which is the <para>Here we are accessing another builtin expression, <literal>authentication</literal>,
<literal>principal</literal> of the current Spring Security which is the <interfacename>Authentication</interfacename> stored in the
<interfacename>Authentication</interfacename> object obtained from the security security context. You can also access its <quote>principal</quote> property
context. You can also access the <interfacename>Authentication</interfacename> directly, using the expression <literal>principal</literal>. The value will
object itself directly using the expression name often be a <interfacename>UserDetails</interfacename> instance, so you might use an
<literal>authentication</literal>.</para> expression like <literal>principal.username</literal> or
<literal>principal.enabled</literal>.</para>
<para>Less commonly, you may wish to perform an access-control check after the <para>Less commonly, you may wish to perform an access-control check after the
method has been invoked. This can be achieved using the method has been invoked. This can be achieved using the
<literal>@PostAuthorize</literal> annotation. To access the return value from a <literal>@PostAuthorize</literal> annotation. To access the return value from a
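Review bot: In the rewritten paragraph after the listing, "The value will often be a UserDetails instance" leaves the reader without guidance for the case where it is not, and the suggested principal.username and principal.enabled only resolve when the principal actually has those properties. Consider adding a sentence that points back to authentication.name from the example, which is read from the Authentication itself rather than from the principal, as the choice when the principal type is not guaranteed. The paragraph also marks up the same term once as <quote>principal</quote> and once as <literal>principal</literal>; using <literal> in both places would match how authentication is marked up.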


@ -260,10 +260,10 @@
</section> </section>
<section xml:id="spring-security-config"> <section xml:id="spring-security-config">
<title>Config - <literal>spring-security-config.jar</literal></title> <title>Config - <literal>spring-security-config.jar</literal></title>
<para>Contains the security namespace parsing code (and hence nothing that you are <para>Contains the security namespace parsing code. You need it if you are using the
likely yo use directly in your application). You need it if you are using the
Spring Security XML namespace for configuration. The main package is Spring Security XML namespace for configuration. The main package is
<literal>org.springframework.security.config</literal>.</para> <literal>org.springframework.security.config</literal>. None of the
classes are intended for direct use in an application.</para>
</section> </section>
<section xml:id="spring-security-ldap"> <section xml:id="spring-security-ldap">
<title>LDAP - <literal>spring-security-ldap.jar</literal></title> <title>LDAP - <literal>spring-security-ldap.jar</literal></title>
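Review bot: The reworded description of spring-security-config.jar in this hunk is not covered by the commit message, which only mentions method annotation expressions in the EL chapter. Either mention the wording and typo fix ("yo use") in the message or move it to its own commit so the history for this section stays searchable. In the new sentence, "None of the classes are intended for direct use in an application" would also read more naturally directly after "Contains the security namespace parsing code", where the old parenthetical stood, rather than after the main package name.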