So I have something like the following:
public interface MyService {
@PreAuthorize("hasPermission(T(Name).OBJ, T(Action).GET)")
MyObj getObj(String id);
}
@Service
public class MyServiceImpl implements MyService {
@Override
@Transactional
public MyObj getObj(String id){
return dao.get(id);
}
}
@Controller
public class MyController {
@Resource(name="myServiceImpl")
private MyService service;
public MyObj getObj(String id){
return service.getObj(id);
}
}
When the method getObj(id)
is called, everything is wrapped in a transaction first, then authorization is checked. Is is possible to keep this configuration and first get Spring to check for authorization, then create the transaction if the user is authorized?
I've spent a good deal searching for an answer and could not find anything.
You can use order
attribute when configuring @Transactional
:
<tx:annotation-driven order="100"/>
Experiment with lower values to move transaction aspect after the authorization one. Looks like <security:global-method-security/>
also has this setting. The security aspect needs to have a higher value (lower priority) to be executed first.
Table 10.2. settings
7.2.4.7 Advice ordering
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With