
What does @Secured({ "ROLE_USER", "ROLE_ADMIN" }) exactly mean

I have come across the following annotation in my example code.

@Secured({ "ROLE_USER", "ROLE_ADMIN" }) 

Could anyone explain what it means?

It's a Spring Security Framework annotation to allow the method to be executed only when the caller has either ROLE_USER or ROLE_ADMIN security roles.

See the documentation for more information on Spring Security.

Here goes an example:

import org.springframework.security.access.annotation.Secured;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class ProtectedMethodsController {

    @Secured({"ROLE_USER", "ROLE_ADMIN"}) // -> callers with either security role may invoke this
    @RequestMapping("/protectedMethod")
    public @ResponseBody String secretMethod() {
        return "You executed the protected method successfully (For USERs)";
    }

    @Secured("ROLE_ADMIN") // -> only callers with ROLE_ADMIN
    @RequestMapping("/adminProtectedMethod")
    public @ResponseBody String adminSecretMethod() {
        return "You executed the protected method successfully (For ADMINs)";
    }

    // -> Without @Secured("ROLE_...") there is no method-level check at all
    @RequestMapping("/notProtectedMethod")
    public @ResponseBody String notProtectedMethod() {
        return "You executed the not protected method successfully (For ALL USERs)";
    }

    /* Notes:
     *  1 - The first step is to enable method security; you do that by annotating
     *      the main class (the class with the @SpringBootApplication annotation)
     *      with @EnableGlobalMethodSecurity(securedEnabled = true).
     *  2 - Then we can decorate the method resources with the @Secured("ROLE_USER")
     *      annotation.
     */

}


import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

@SpringBootApplication
// securedEnabled = true switches on processing of @Secured; without it the
// annotation is silently ignored. (Spring Security 5.6+ offers
// @EnableMethodSecurity(securedEnabled = true) as the replacement.)
@EnableGlobalMethodSecurity(securedEnabled = true)
public class Application extends SpringBootServletInitializer {

    public static void main(String[] args) throws Throwable {
        SpringApplication.run(Application.class, args);
    }

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(Application.class);
    }
}

The @Secured annotation is a method security annotation in the Spring framework. It is one of the authorization semantics applied at the method level. It allows the method to be accessed by a user who has at least one of the roles specified in the @Secured annotation.

In the example you have looked into, i.e. @Secured({"ROLE_USER", "ROLE_ADMIN"}), it signifies that the method following this annotation can be accessed only by someone who has either ROLE_ADMIN or ROLE_USER.

For further reference, go to this page.
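The "at least one of the listed roles" rule from both answers is easiest to pin down with a test that calls the controller methods as callers holding different authorities. The following JUnit 5 test is an added example, not code from either answer; it assumes Spring Boot with spring-boot-starter-security and spring-security-test on the test classpath, and that the ProtectedMethodsController and Application classes from the first answer live in the hypothetical package com.example.demo.

```java
// Added example: exercises the authorization decision @Secured makes.
// Assumes the ProtectedMethodsController / Application classes shown in
// the first answer and the hypothetical package com.example.demo.
package com.example.demo;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.test.context.support.WithMockUser;

@SpringBootTest
class SecuredMethodAuthorizationTest {

    // Autowired on purpose: the @Secured check lives in the Spring AOP proxy
    // around the bean, so a controller created with `new` would not be checked.
    @Autowired
    private ProtectedMethodsController controller;

    @Test
    @WithMockUser(roles = "USER") // @WithMockUser(roles=...) adds the ROLE_ prefix itself
    void userRoleAloneSatisfiesTheEitherOrRule() {
        assertEquals("You executed the protected method successfully (For USERs)",
                controller.secretMethod());
    }

    @Test
    @WithMockUser(roles = "USER")
    void userRoleIsNotEnoughForTheAdminOnlyMethod() {
        assertThrows(AccessDeniedException.class, controller::adminSecretMethod);
    }

    @Test
    @WithMockUser(roles = "ADMIN")
    void adminRoleSatisfiesBothProtectedMethods() {
        controller.secretMethod();
        controller.adminSecretMethod();
    }

    @Test
    @WithMockUser(roles = "GUEST") // authenticated, but holds none of the listed roles
    void unlistedRoleIsDenied() {
        assertThrows(AccessDeniedException.class, controller::secretMethod);
    }

    @Test
    @WithMockUser(authorities = "USER") // raw authority "USER" is not "ROLE_USER"
    void authorityWithoutRolePrefixDoesNotMatch() {
        assertThrows(AccessDeniedException.class, controller::secretMethod);
    }

    @Test // no @WithMockUser: the SecurityContext holds no Authentication at all
    void unauthenticatedCallerIsRejectedBeforeRolesAreCompared() {
        assertThrows(AuthenticationCredentialsNotFoundException.class, controller::secretMethod);
    }

    @Test
    void methodWithoutSecuredHasNoMethodLevelCheck() {
        assertEquals("You executed the not protected method successfully (For ALL USERs)",
                controller.notProtectedMethod());
    }
}
```

Two details worth noticing: @Secured compares authority strings literally, so the ROLE_ prefix in the annotation must match the granted authority exactly, and the check is enforced by the proxy, which means a method calling another @Secured method on the same object (self-invocation) bypasses it. @Secured also takes no SpEL expressions; where an expression is needed, @PreAuthorize is the annotation to use.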
