Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-13 07:32:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-1529: More user-friendly expression @PreAuthorize expression in EL chapter.

Browse Source
This commit is contained in:
Luke Taylor 2010-08-05 18:17:25 +01:00
parent 1a9b7e1b6f
commit f6abc24ed6
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/manual/src/docbook/el-access.xml
View File

@ -154,14 +154,16 @@
within the expression, so you can also access properties on the arguments. For within the expression, so you can also access properties on the arguments. For
example, if you wanted a particular method to only allow access to a user whose example, if you wanted a particular method to only allow access to a user whose
username matched that of the contact, you could write</para> username matched that of the contact, you could write</para>
<programlisting> @PreAuthorize("#contact.name == principal.name)") <programlisting>
@PreAuthorize("#contact.name == authentication.name")
public void doSomething(Contact contact);</programlisting> public void doSomething(Contact contact);</programlisting>
<para>Here we are accessing another builtin expression, which is the <para>Here we are accessing another builtin expression, <literal>authentication</literal>,
<literal>principal</literal> of the current Spring Security which is the <interfacename>Authentication</interfacename> stored in the
<interfacename>Authentication</interfacename> object obtained from the security context. You can also access its <quote>principal</quote> property
security context. You can also access the directly, using the expression <literal>principal</literal>. The value will
<interfacename>Authentication</interfacename> object itself directly using often be a <interfacename>UserDetails</interfacename> instance, so you might use an
the expression name <literal>authentication</literal>.</para> expression like <literal>principal.username</literal> or
<literal>principal.enabled</literal>.</para>
<para>Less commonly, you may wish to perform an access-control check after the <para>Less commonly, you may wish to perform an access-control check after the
method has been invoked. This can be achieved using the method has been invoked. This can be achieved using the
<literal>@PostAuthorize</literal> annotation. To access the return value <literal>@PostAuthorize</literal> annotation. To access the return value