Question

I'm using Spring Security 3.2.0 with the same version of the Spring framework. Spring Security works well in my project. In order to protect methods in my DAO classes (and others), I want to use the following pointcut approach (in the spring-security.xml file).

<global-method-security>
    <protect-pointcut expression="execution(*controller.*.*(..))" access="ROLE_ADMIN"/>
</global-method-security>

I expect the pointcut expression as specified to protect all the methods in all classes inside the controller package and to be accessed only by the users who have the authority ROLE_ADMIN as specified.

But when I try to use this expression, the process terminates with the following exception on saving my spring-security.xml file.

PropertyAccessException 1: org.springframework.beans.MethodInvocationException: Property 'pointcutMap' threw exception; nested exception is java.lang.IllegalArgumentException: Pointcut is not well-formed: expecting 'name pattern' at character position 26 execution(controller..*(..)) ^

I'm trying to follow the approach as specified by the reference document in the Adding Security Pointcuts using protect-pointcut sub-section of the 3.4.1 The <global-method-security> Element section.

What is the correct expression syntax in this scenario?


EDIT:

Adding Security Pointcuts using protect-pointcut

The use of protect-pointcut is particularly powerful, as it allows you to apply security to many beans with only a simple declaration. Consider the following example:

<global-method-security>
    <protect-pointcut expression="execution(* com.mycompany.*Service.*(..))" access="ROLE_USER"/>
</global-method-security>

This will protect all methods on beans declared in the application context whose classes are in the com.mycompany package and whose class names end in "Service". Only users with the ROLE_USER role will be able to invoke these methods. As with URL matching, the most specific matches must come first in the list of pointcuts, as the first matching expression will be used. Security annotations take precedence over pointcuts.

Copied & pasted the section explained in the reference document (as someone may find it tedious to scroll the document).


Solution

Try this expression:

<protect-pointcut expression="execution(* your.package.controller.*.*(..))" access="ROLE_ADMIN"/>
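
A way to check a pointcut expression before relying on it for access control, as an added example that is not part of the original question or answer: it runs the AspectJ pointcut parser (aspectjweaver, assumed to be on the classpath) over the expression from the question, a variant with only the missing space added, and the fully qualified form from the answer. The package `com.example.controller` and the classes `UserController` and `PointcutCheck` are hypothetical.

```java
// Added example, not code from the original post. Requires aspectjweaver on the classpath.
package com.example.controller; // hypothetical package standing in for "your.package.controller"

import java.lang.reflect.Method;
import org.aspectj.weaver.tools.PointcutExpression;
import org.aspectj.weaver.tools.PointcutParser;

// Hypothetical class whose methods are meant to be restricted to ROLE_ADMIN.
class UserController {
    void deleteUser(long id) { }
}

public class PointcutCheck {

    /** Returns "MALFORMED", "MATCHES" or "NO MATCH" for the expression against the method. */
    static String check(String expression, Method method) {
        PointcutParser parser = PointcutParser
                .getPointcutParserSupportingAllPrimitivesAndUsingContextClassloaderForResolution();
        try {
            PointcutExpression pointcut = parser.parsePointcutExpression(expression);
            return pointcut.matchesMethodExecution(method).alwaysMatches() ? "MATCHES" : "NO MATCH";
        } catch (IllegalArgumentException e) {
            // The parser rejects the expression ("Pointcut is not well-formed: ...").
            return "MALFORMED";
        }
    }

    public static void main(String[] args) throws Exception {
        Method target = UserController.class.getDeclaredMethod("deleteUser", long.class);
        String[] expressions = {
            // From the question: no space between the return-type '*' and the type pattern.
            "execution(*controller.*.*(..))",
            // Space added, but the pattern names a top-level package called 'controller'.
            "execution(* controller.*.*(..))",
            // Form given in the answer, with the full package name.
            "execution(* com.example.controller.*.*(..))",
        };
        for (String expression : expressions) {
            System.out.printf("%-48s %s%n", expression, check(expression, target));
        }
    }
}
```

An expression that parses but reports NO MATCH for a method you meant to protect leaves that method without the access restriction, so it is worth running this kind of check for each package a pointcut is supposed to cover.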
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow