
Spring security use of @PreAuthorize

Recently I have been working on a requirement wherein certain UI elements should only be visible to users with a particular role (say the role is XXX).

I used:

<sec:authorize access="hasRole('XXX')"> <input type="button"/></sec:authorize>

which works fine.

But I just wanted to understand if I need to add the line below in the Java code as well? If yes, then why?

@PreAuthorize("hasRole('XXX')") 

As usual, it depends.

If you are building/maintaining a classic MVC application with Spring MVC and all of your RequestMappings are pointing to a (JSP) view (hence resolved by an InternalResourceViewResolver and usually rendered by the JspServlet), you don't need @PreAuthorize.

But if you are exposing at least one endpoint, e.g. as JSON/XML, you'll need to add @PreAuthorize if it is required.

Simply put, if your handler method returns a value that gets resolved by a ViewResolver, use the appropriate tag for JSP, Velocity or Freemarker; otherwise consider using @PreAuthorize.
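The JSON-endpoint case from the answer above, as an added example that is not part of the original question or answer. The class names and the `/api/reports` paths are hypothetical, and it assumes Spring MVC with Spring Security 5.6 or later on the classpath.

```java
import java.util.List;
import java.util.Map;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

// Enables processing of @PreAuthorize. Without this (or the older
// @EnableGlobalMethodSecurity(prePostEnabled = true)) the annotations
// below are silently ignored and the methods stay open.
@Configuration
@EnableMethodSecurity
class MethodSecurityConfig {
}

// Hypothetical controller whose return values are written straight to the
// response body as JSON. No ViewResolver and no JSP are involved, so a
// <sec:authorize> tag never gets a chance to run for these requests.
@RestController
class ReportApiController {

    // hasRole('XXX') matches the granted authority "ROLE_XXX" by default.
    // An authenticated caller without it gets an AccessDeniedException,
    // which Spring Security translates into HTTP 403.
    @PreAuthorize("hasRole('XXX')")
    @GetMapping("/api/reports")
    public Map<String, Object> listReports() {
        // Constructed sample data.
        return Map.of("reports", List.of("q1-summary", "q2-summary"));
    }

    // Same rule on the state-changing endpoint: the check is enforced on
    // the server for every call, whichever client issued the request.
    @PreAuthorize("hasRole('XXX')")
    @PostMapping("/api/reports/refresh")
    public Map<String, String> refreshReports() {
        return Map.of("status", "refresh scheduled");
    }
}
```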
