Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Multiple roles using @PreAuthorize

Tags:

spring-security

jhipster

To check multiple roles has the method level access

I have used @PreAuthorize annotation to check the role

@PreAuthorize("hasRole(\"" + AuthoritiesConstants.USER + "\",)" )

How to check multiple roles using @PreAuthorize annotaion?

like image 338
P Rajesh Avatar asked Jul 29 '19 05:07

P Rajesh

People also ask

What is the use of @PreAuthorize annotation?

The @PreAuthorize annotation checks the given expression before entering the method, whereas the @PostAuthorize annotation verifies it after the execution of the method and could alter the result.

What's the difference between @secured and @PreAuthorize in Spring Security?

The real difference is that @PreAuthorize can work with Spring Expression Language (SpEL). You can: Access methods and properties of SecurityExpressionRoot . (Advanced feature) Add your own methods (override MethodSecurityExpressionHandler and set it as <global-method-security><expression-handler ... /></...> ).

What is @PreAuthorize annotation in spring boot?

Method-level security is implemented by placing the @PreAuthorize annotation on controller methods (actually one of a set of annotations available, but the most commonly used). This annotation contains a Spring Expression Language (SpEL) snippet that is assessed to determine if the request should be authenticated.

What is @secured annotation?

The Secured annotation is used to define a list of security configuration attributes for business methods. This annotation can be used as a Java 5 alternative to XML configuration.

1 Answers

@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")

hasAnyRole() 

When you need to support multiple roles, you can use the hasAnyRole() expression.

@PreAuthorize("hasAnyRole('ADMIN','DB-ADMIN')")

https://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html https://www.appsdeveloperblog.com/spring-security-preauthorize-annotation-example/

like image 179
Oleh Tatsiun Avatar answered Sep 19 '22 18:09

Oleh Tatsiun
Sign in to Comment

Related questions

"HTTP Status 401 - Authentication Failed: Incoming SAML message is invalid" with Salesforce as IdP for implementating SSO
Spring OAuth2 Generate Access Token per request to the Token Endpoint
Java + Spring Boot: I am trying to add CacheControl header to ResponseEntity
How to store custom information in SecurityContext of spring-security?
Spring alternative for Scala or Spring?
determine target url based on roles in spring security 3.1
Spring Security: custom userdetails
Spring SAML Extension and Spring Security CSRF Protection Conflict
PreAuthentication with Spring Security -> Based on URL parameters
How to call JHipster (Spring) OAuth2 Rest server using Postman Authentication helpers
Is it possible to invalidate a spring security session?
spring security custom AuthenticationProvider is called twice and fails
Nginx Reverse Proxy Websocket Authentication - HTTP 403
Filter invoke twice when register as Spring bean
Run unit tests on controllers that require authentication
How to read value of SAML attribute received from the IdP?
Injecting Custom Principal to Controllers by Spring Security
How to impersonate user using SwitchUserFilter in Spring?
Spring-Security 3.1 java.lang.ClassNotFoundException: org.springframework.security.taglibs.authz.AuthorizeTag
Get error stating that "methodSecurityInterceptor" is already defined when extend GlobalMethodSecurityConfiguration in SPring Boot 2.1.1

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!