From e5d2578aece20b9375e8cb4063f13d48b22a1fff Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Thu, 7 Aug 2008 19:10:53 +0000 Subject: [PATCH] Added example of @Secured use and some extra explanation --- src/docbkx/namespace-config.xml | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/src/docbkx/namespace-config.xml b/src/docbkx/namespace-config.xml index 1c404199d4..995107f8f7 100644 --- a/src/docbkx/namespace-config.xml +++ b/src/docbkx/namespace-config.xml @@ -639,7 +639,7 @@ Spring Security 2.0 has improved support substantially for adding security to your service layer methods. If you are using Java 5 or greater, then support for JSR-250 security annotations is provided, as well as the framework's native - @secured annotation. You can apply security to a single bean, using the intercept-methods + @Secured annotation. You can apply security to a single bean, using the intercept-methods element to decorate the bean declaration, or you can secure multiple beans across the entire service layer using the AspectJ style pointcuts. @@ -647,14 +647,32 @@
The <literal><global-method-security></literal> Element - This element is used to enable annotation based security in your application (by setting the appropriate + This element is used to enable annotation-based security in your application (by setting the appropriate attributes on the element), and also to group together security pointcut declarations which will be applied across your entire application context. You should only declare one <global-method-security> element. - The following declaration would enable support for both types of annotations: + The following declaration would enable support for both Spring Security's @Secured, and JSR-250 annotations: ]]> - + + Adding an annotation to a method (on an class or interface) would then limit the access to that method + accordingly. Spring Security's native annotation support defines a set of attributes for the method. These + will be passed to the AccessDecisionManager for it to make the actual decision. + This example is taken from the tutorial sample, which is a good + starting point if you want to use method security in your application: + + public interface BankService { + + @Secured("IS_AUTHENTICATED_ANONYMOUSLY") + public Account readAccount(Long id); + + @Secured("IS_AUTHENTICATED_ANONYMOUSLY") + public Account[] findAccounts(); + + @Secured("ROLE_TELLER") + public Account post(Account account, double amount); + } +
Adding Security Pointcuts using <literal>protect-pointcut</literal>
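Review bot: In the second hunk, the new paragraph says the @Secured attributes are passed to the AccessDecisionManager but never says what the attributes used in the BankService example mean. A reader copying the example will not realise that @Secured("IS_AUTHENTICATED_ANONYMOUSLY") on readAccount and findAccounts leaves those methods callable by anonymous users, while only post requires ROLE_TELLER. Suggest adding a sentence after the example that explains the two kinds of attribute shown. Two wording fixes in the same hunk: "on an class or interface" should read "on a class or interface", and the comma in "both Spring Security's @Secured, and JSR-250 annotations" should be dropped. The public modifiers on the interface methods are redundant and could go, unless they are kept to match the tutorial sample verbatim.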