Applying @PreAuthorize to a method contained in a Spring Roo-generated ITD (*.aj)

StackOverflow https://stackoverflow.com/questions/22490026

Question

I would like to apply the Spring Security @PreAuthorize annotation to a service method defined in the following Spring Roo ITD (without performing a push in refactor of the method):

privileged aspect CurriculumServiceImpl_Roo_Service {

  declare @type: CurriculumServiceImpl: @Service;

  declare @type: CurriculumServiceImpl: @Transactional;


  public Curriculum CurriculumServiceImpl.updateCurriculum(Curriculum curriculum) {
    return curriculumRepository.save(curriculum);
  }

Is this possible? If so how?

Was it helpful?

Solution

There is a way to achieve this using Spring Roo: See detailed comment here.

To quote the comment:

If you want try and use the PermissionEvaluator, follow these steps (preferably on a test project).

  1. Run the Roo command "permissionEvaluator --package {the package to which you want to add the PermissionEvaluator} " (security must be installed first)

  2. Spring Roo will create three files: ApplicationPermissionEvaluator, ApplicationPermissionEvaluator_Roo_PermissionEvaluator, applicationContext-security-permissionEvaluator.xml.

  3. Add userPermissionEvalutor=true to the @RooService annotation of the service you want to secure.

  4. Spring Roo will append additional criteria to @PreAuthorize e.g. "OR hasPermission(#myDomanObject, 'MyService:deleteMyDomainObjectIsAllowed')"

  5. Add/Update the method hasPermission(Authentication authentication, Object targetObject, Object permission)) in ApplicationPermissionEvaluator

By the way performing a push in refactor is not a solution for my application. It is always better to go the Roo way and rely on Roo features.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top