Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added example of @Secured use and some extra explanation

This commit is contained in:
Luke Taylor 2008-08-07 19:10:53 +00:00
parent fb3d0b7f25
commit e5d2578aec
1 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/docbkx/namespace-config.xml
View File

@ -639,7 +639,7 @@
<para> <para>
Spring Security 2.0 has improved support substantially for adding security to your service layer methods. If you are Spring Security 2.0 has improved support substantially for adding security to your service layer methods. If you are
using Java 5 or greater, then support for JSR-250 security annotations is provided, as well as the framework's native using Java 5 or greater, then support for JSR-250 security annotations is provided, as well as the framework's native
<literal>@secured</literal> annotation. You can apply security to a single bean, using the <literal>intercept-methods</literal> <literal>@Secured</literal> annotation. You can apply security to a single bean, using the <literal>intercept-methods</literal>
element to decorate the bean declaration, or you can secure multiple beans across the entire service layer using the element to decorate the bean declaration, or you can secure multiple beans across the entire service layer using the
AspectJ style pointcuts. AspectJ style pointcuts.
</para> </para>
@ -647,14 +647,32 @@
<section xml:id="ns-global-method"> <section xml:id="ns-global-method">
<title>The <literal>&lt;global-method-security&gt;</literal> Element</title> <title>The <literal>&lt;global-method-security&gt;</literal> Element</title>
<para> <para>
This element is used to enable annotation based security in your application (by setting the appropriate This element is used to enable annotation-based security in your application (by setting the appropriate
attributes on the element), and also to group together security pointcut declarations which will be applied across your attributes on the element), and also to group together security pointcut declarations which will be applied across your
entire application context. You should only declare one <literal>&lt;global-method-security&gt;</literal> element. entire application context. You should only declare one <literal>&lt;global-method-security&gt;</literal> element.
The following declaration would enable support for both types of annotations: The following declaration would enable support for both Spring Security's <literal>@Secured</literal>, and JSR-250 annotations:
<programlisting><![CDATA[ <programlisting><![CDATA[
<global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/> <global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/>
]]> ]]>
</programlisting> </programlisting>
Adding an annotation to a method (on an class or interface) would then limit the access to that method
accordingly. Spring Security's native annotation support defines a set of attributes for the method. These
will be passed to the <interfacename>AccessDecisionManager</interfacename> for it to make the actual decision.
This example is taken from the <link xlink:href="#tutorial-sample">tutorial sample</link>, which is a good
starting point if you want to use method security in your application:
<programlisting>
public interface BankService {
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
public Account readAccount(Long id);
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
public Account[] findAccounts();
@Secured("ROLE_TELLER")
public Account post(Account account, double amount);
}
</programlisting>
</para> </para>
<section xml:id="ns-protect-pointcut"> <section xml:id="ns-protect-pointcut">
<title>Adding Security Pointcuts using <literal>protect-pointcut</literal></title> <title>Adding Security Pointcuts using <literal>protect-pointcut</literal></title>