diff --git a/docs/manual/src/docbook/el-access.xml b/docs/manual/src/docbook/el-access.xml index e1dda5458a..7642c3a006 100644 --- a/docs/manual/src/docbook/el-access.xml +++ b/docs/manual/src/docbook/el-access.xml @@ -154,14 +154,16 @@ within the expression, so you can also access properties on the arguments. For example, if you wanted a particular method to only allow access to a user whose username matched that of the contact, you could write - @PreAuthorize("#contact.name == principal.name)") + + @PreAuthorize("#contact.name == authentication.name") public void doSomething(Contact contact); - Here we are accessing another built–in expression, which is the - principal of the current Spring Security - Authentication object obtained from the - security context. You can also access the - Authentication object itself directly using - the expression name authentication. + Here we are accessing another built–in expression, authentication, + which is the Authentication stored in the + security context. You can also access its principal property + directly, using the expression principal. The value will + often be a UserDetails instance, so you might use an + expression like principal.username or + principal.enabled. Less commonly, you may wish to perform an access-control check after the method has been invoked. This can be achieved using the @PostAuthorize annotation. To access the return value
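Review bot: The added sentence "The value will often be a UserDetails instance, so you might use an expression like principal.username or principal.enabled" leaves the other case unstated. "Often" implies the principal can be some other type, and a reader who copies principal.username into a @PreAuthorize expression gets no hint that it depends on the principal type. Suggest adding a sentence saying that these property expressions assume a UserDetails principal, and that authentication.name, which the corrected example now uses, is the form that does not depend on it. Two smaller points in the same hunk: the new text keeps the en dash in "built–in" where a plain hyphen is meant, and the added empty line before the @PreAuthorize line will show up as a leading blank line if it falls inside the code listing, so check the rendered output.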