Multiple roles using @PreAuthorize
You can create a custom annotation to validate many roles and conditions. For example:

```java
@Retention(RetentionPolicy.RUNTIME)
@PreAuthorize("hasRole(T(com.bs.dmsbox.api.constants.RoleConstants).ROLE_AGENT) "
        + "|| hasRole(T(com.bs.dmsbox.api.constants.RoleConstants).ROLE_ADMIN) "
        + "|| (hasRole(T(com.bs.dmsbox.api.constants.RoleConstants).ROLE_CUSTOMER) && #userId == principal.username)")
public @interface IsAuthenticatedAsAgentOrCustomerIsUserId {
}
```

Then, you can use this annotation as below:

```java
@IsAuthenticatedAsAgentOrCustomerIsUserId
Folder findByUserIdAndType(@Param("userId") String userId, @Param("typeId") FolderType id);
```

This annotation validates that the user is logged in as role …
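A rule like this is worth pinning down with a test that covers the ownership check as well as the role check. The following JUnit 5 test is an added example, not code from the original page: `FolderAccessTest`, `AgentAdminOrOwner` and `FolderLookup` are hypothetical stand-ins, the role names are written as literals instead of the page's `RoleConstants`, and `@P` replaces Spring Data's `@Param` so that only Spring Security 5.6+ and `spring-security-test` are assumed.

```java
import static org.junit.jupiter.api.Assertions.*;
import java.lang.annotation.*;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.*;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.parameters.P;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;

// Added example: exercises the agent / admin / owning-customer rule through a proxied bean.
// All class names below are hypothetical; they are not the page's own types.
@SpringJUnitConfig(FolderAccessTest.Config.class)
class FolderAccessTest {

    // Same shape as the page's expression, with literal role names (assumption).
    @Retention(RetentionPolicy.RUNTIME)
    @PreAuthorize("hasRole('AGENT') || hasRole('ADMIN') "
            + "|| (hasRole('CUSTOMER') && #userId == principal.username)")
    @interface AgentAdminOrOwner { }

    // Stand-in for the page's repository; @P names the argument for the #userId reference.
    static class FolderLookup {
        @AgentAdminOrOwner
        public String findByUserId(@P("userId") String userId) { return "folders:" + userId; }
    }

    @Configuration
    @EnableMethodSecurity
    static class Config {
        @Bean FolderLookup folderLookup() { return new FolderLookup(); }
    }

    @Autowired FolderLookup lookup;

    @Test @WithMockUser(username = "alice", roles = "CUSTOMER")
    void customerReadsOwnFolders() { assertEquals("folders:alice", lookup.findByUserId("alice")); }

    @Test @WithMockUser(username = "alice", roles = "CUSTOMER")
    void customerDeniedForOtherUser() {
        assertThrows(AccessDeniedException.class, () -> lookup.findByUserId("bob"));
    }

    @Test @WithMockUser(username = "carol", roles = "AGENT")
    void agentReadsAnyUser() { assertEquals("folders:bob", lookup.findByUserId("bob")); }
}
```

The `customerDeniedForOtherUser` case is the one that catches a broken `#userId` binding, since a parameter name that fails to resolve makes the comparison with `principal.username` false for every customer call.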