Multiple roles using @PreAuthorize

by

You can create a custom annotation to validate many roles and conditions. P.e.:

@Retention(RetentionPolicy.RUNTIME)
@PreAuthorize("hasRole(T(com.bs.dmsbox.api.constants.RoleConstants).ROLE_AGENT) " +
        "|| hasRole(T(com.bs.dmsbox.api.constants.RoleConstants).ROLE_ADMIN)" +
        "|| (hasRole(T(com.bs.dmsbox.api.constants.RoleConstants).ROLE_CUSTOMER) && #userId == principal.username)")
public @interface IsAuthenticatedAsAgentOrCustomerIsUserId {
}

Then, you can use this annotation as below:

@IsAuthenticatedAsAgentOrCustomerIsUserId
Folder findByUserIdAndType(@Param("userId") String userId, @Param("typeId") FolderType id);

This annotation validate that user logged as role AGENT or ADMIN. If user has role CUSTOMER validate if userId parameter is equals to user logged

More Related Contents:

  1. Spring boot Security Disable security
  2. How to dynamically decide access attribute value in Spring Security?
  3. What’s the difference between @Secured and @PreAuthorize in spring security 3?
  4. Java Spring Security config – multiple authentication providers
  5. Standalone Spring OAuth2 JWT Authorization Server + CORS
  6. Spring Security: how to exclude certain resources?
  7. Feign and Spring Security 5 – Client Credentials
  8. Spring security 3.1.4 and ShaPasswordEncoder deprecation
  9. Multiple Authentication Providers in Spring Security
  10. CORS issue – No ‘Access-Control-Allow-Origin’ header is present on the requested resource
  11. How to fix role in Spring Security?
  12. Spring Security Configuration – HttpSecurity vs WebSecurity
  13. Spring Boot Security CORS
  14. Handle spring security authentication exceptions with @ExceptionHandler
  15. How to manage exceptions thrown in filters in Spring?
  16. Spring Security 3 database authentication with Hibernate
  17. How to pass an additional parameter with spring security login page
  18. Spring Security redirect to previous page after successful login
  19. How can I have list of all users logged in (via spring security) my web application
  20. Spring Security and JSON Authentication
  21. How can I use Spring Security without sessions?
  22. How to check “hasRole” in Java Code with Spring Security?
  23. Logout/Session timeout catching with spring security
  24. Spring security does not allow CSS or JS resources to be loaded
  25. how to display custom error message in jsp for spring security auth exception
  26. Securing Spring Boot API with API key and secret
  27. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  28. How to set the max size of upload file
  29. Spring Boot: How to specify the PasswordEncoder?
  30. Cross-Origin Resource Sharing with Spring Security

Leave a Comment