In my spring application, the methods from my controller and service classes have this annotation to security purposes:
@PreAuthorize("hasPermission(#user, 'cadastra')")
the second argument, the permission, should have this format:
<<action_name>>_<<class_name>>
What expression I should use to accomplish that, taking in consideration the class name is held by this.getClass().getName()
?
Concatenation is the process of appending one string to the end of another string. You concatenate strings by using the + operator. For string literals and string constants, concatenation occurs at compile time; no run-time concatenation occurs.
The Spring Expression Language (SpEL for short) is a powerful expression language that supports querying and manipulating an object graph at runtime. The language syntax is similar to Unified EL but offers additional features, most notably method invocation and basic string templating functionality.
Using ExpressionParser. ExpressionParser is responsible for parsing expression strings. In this example, SpEL parser will simply evaluate the string 'Any String' as an expression.
To concatenate two strings in Spring EL you use concat
function . See here for more details :
Spring EL docs
for example, I used the following :
@PreAuthorize("hasRole('ROLE_'.concat(this.class.simpleName))")
I finally solve this. I add a new method in my controller:
public String getName() {
String nome_classe = entityClass.getSimpleName();
System.out.println("getName nome_class = "+nome_classe);
return nome_classe;
}
and now I use the annotation in that way:
@PreAuthorize("hasPermission(#user, 'cadastra_'+#this.this.name)")
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With