Valid use case for @PostAuthorize And @PostFilter annotations

We have just migrated to Spring Security 3.0.8 from 2.0.8 (can't upgrade to the latest version, which is 3.2.X, as our core Spring libraries are still on 3.0.X, which we plan to upgrade later when business permits).

I understand that we now have annotations for securing methods like @PreAuthorize, @PostAuthorize, @Secured, @PreFilter and @PostFilter.

I understand the use of @PreAuthorize, which really makes sense. But I can't think of any valid use cases where you would ever use the @PostAuthorize or @PostFilter annotation.

Can somebody who used it please explain to me a reasonable use-case for using them?

Thanks in advance!

Aneesh Vijendran asked Feb 28 '14 10:02



1 Answer

Both @PostAuthorize and @PostFilter are used, mostly, in combination with ACL. Where @PostAuthorize will generate an exception if something is returned which one doesn't have access to, @PostFilter will remove the objects one doesn't have access to (in general useful when returning collections of elements).

M. Deinum answered Nov 04 '22 19:11
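The distinction the answer draws, as an added example that is not part of the original question or answer: a hypothetical DocumentService whose access decision depends on the owner of the loaded object, so it cannot be made before the method runs. The Document class, the service, the owner/ROLE_ADMIN rule and the in-memory data are all constructed for illustration; the annotations and SpEL variables (returnObject, filterObject, authentication, hasRole) are the real Spring Security ones.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;

// Hypothetical domain object; the expressions below key on its owner field.
class Document {
    private final long id;
    private final String owner;

    Document(long id, String owner) {
        this.id = id;
        this.owner = owner;
    }

    public long getId() { return id; }
    public String getOwner() { return owner; }   // read by SpEL as "owner"
}

@Service
public class DocumentService {

    // Constructed in-memory data standing in for a repository lookup.
    private final List<Document> store = new ArrayList<Document>();

    public DocumentService() {
        store.add(new Document(1, "alice"));
        store.add(new Document(2, "bob"));
        store.add(new Document(3, "alice"));
    }

    // A pre-check suffices when everything needed for the decision is known
    // before the method runs.
    @PreAuthorize("isAuthenticated()")
    public List<Document> findAll() {
        return new ArrayList<Document>(store);
    }

    // @PostAuthorize: the owner is only known once the document has been loaded,
    // so the rule is evaluated against the return value. On failure Spring Security
    // throws AccessDeniedException and the caller never receives the object. The
    // null guard matters because "returnObject.owner" on a null return would itself
    // fail the evaluation.
    @PostAuthorize("returnObject == null"
            + " or returnObject.owner == authentication.name"
            + " or hasRole('ROLE_ADMIN')")
    public Document findById(long id) {
        for (Document d : store) {
            if (d.getId() == id) {
                return d;
            }
        }
        return null;
    }

    // @PostFilter: the rule is evaluated once per element (bound as filterObject);
    // elements that fail are removed from the collection instead of raising an error.
    // A fresh, mutable list is returned because the filter removes elements in place.
    @PostFilter("filterObject.owner == authentication.name or hasRole('ROLE_ADMIN')")
    public List<Document> findVisible() {
        return new ArrayList<Document>(store);
    }
}
```

With the 3.0.x XML namespace the annotations are switched on with `<global-method-security pre-post-annotations="enabled"/>`. Called as "alice", findById(2) throws AccessDeniedException while findVisible() returns documents 1 and 3; as a ROLE_ADMIN user both calls succeed unfiltered. Two caveats a practitioner should keep in mind: both annotations run after the method body, so any side effects (writes, audit entries) have already happened when access is denied, and @PostFilter still loads every element from the backing store before discarding the rejected ones, so for large result sets the restriction belongs in the query itself. For the ACL-backed rules the answer refers to, the owner comparison would be replaced by `hasPermission(returnObject, 'READ')` / `hasPermission(filterObject, 'READ')`, with the method-security `expression-handler` wired to an AclPermissionEvaluator.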