Spring security @PreAurhorize hasRole() properties injection

Spring security @PreAurhorize hasRole() properties injection



assuming that my spring security and properties are configured properly, I would like to use role name from property like


@PreAuthorize("hasRole('$role.rolename')")
public void method()



I have tried like in above code sample but it does not work ( it takes '$role.rolename' String as role to compare)



if I switch to


@PreAuthorize("hasRole('ROLE_ADMIN')")
public void method()



it works just fine.
My motivation to such usage is better flexibility in application tests on various environments.






We have some @Configuration where @Bean PropertySourcesPlaceholderConfigurer is configured, but I'm pretty sure that property is wired properly because when I define in the same class where secured method: @Value("$role.rolename") private String ROLE_NAME; Correct value is present

– Paweł Kaczorowski
Aug 13 '13 at 12:30


@Configuration


@Bean PropertySourcesPlaceholderConfigurer


@Value("$role.rolename") private String ROLE_NAME;




3 Answers
3



Try to remove '' signs:


''


@PreAuthorize("hasRole($role.rolename)")
public void method()



EDIT. I am sure that there is a better way, but as a workaround you can call some method on some bean:


@Component("appVariablesHolder")
public class AppVariablesHolder

@Value("$role.rolename")
private String someRole;

public String getSomeRole()
return this.someRole;



@PreAuthorize("hasRole(@appVariablesHolder.getSomeRole())")
public void method()






When I removed '' signs, I got: Caused by: org.springframework.expression.spel.SpelParseException: EL1043E:(pos 9): Unexpected token. Expected 'rparen())' but was 'lcurly({)' property name replacement changed nothig

– Paweł Kaczorowski
Aug 13 '13 at 11:43



''


Caused by: org.springframework.expression.spel.SpelParseException: EL1043E:(pos 9): Unexpected token. Expected 'rparen())' but was 'lcurly({)'






Try to replace $ by # : @PreAuthorize("hasRole(#role.rolename)")

– Maksym Demidas
Aug 13 '13 at 12:02


$


#






Again I'm getting the same error...

– Paweł Kaczorowski
Aug 13 '13 at 12:11






it's clear from this answer that the single quotes are wrong, but it would seem that we should be able to reference the properties with $, but it doesn't seem to work :( -- stackoverflow.com/questions/19836387/…

– chrismarx
Jun 24 '15 at 15:46



I've found that you can just grab the propertyResolver and pull values directly from that, instead of writing your own class as was suggested by @Maksym.



Exammple:


@PreAuthorize("hasRole(@environment.getProperty('role.rolename')")
public void method()






` org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'propertyResolver' available`

– jbx
May 5 '18 at 10:01






@jbx - You need to use the bean name of whatever your property resolver is. So if you’ve named yours something else, swap that in instead.

– Ben L.
May 6 '18 at 11:40






And how is that different from writing your own class?

– jbx
May 7 '18 at 14:11






Spring provides a property resolver, without having to write one. You just need to make sure you use the bean name that spring assigns to it (whatever that is, or if you've renamed the bean). This works for me. I use it on all of my controllers that need security.

– Ben L.
May 25 '18 at 18:07






So maybe you need the configuration part which initialises the property resolver as a @Bean, and you have it somewhere else in your code? On its own this line doesn't work.

– jbx
May 28 '18 at 14:38


@Bean



Building on other answers here, one thing that tripped me up was not setting the context on the OAuth2MethodSecurityExpressionHandler.


OAuth2MethodSecurityExpressionHandler



Make sure that in your MethodSecurityConfig you're loading the context for the answers above to work.


MethodSecurityConfig


@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration

@Autowired
private ApplicationContext context;

@Override
protected MethodSecurityExpressionHandler createExpressionHandler()
OAuth2MethodSecurityExpressionHandler handler = new OAuth2MethodSecurityExpressionHandler();
handler.setApplicationContext(context);

return handler;




Then you can successfully access


@PreAuthorize("hasRole(@environment.getProperty('role.rolename')")
public void method()



Thanks for contributing an answer to Stack Overflow!



But avoid



To learn more, see our tips on writing great answers.



Required, but never shown



Required, but never shown




By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

-

Popular posts from this blog

𛂒𛀶,𛀽𛀑𛂀𛃧𛂓𛀙𛃆𛃑𛃷𛂟𛁡𛀢𛀟𛁤𛂽𛁕𛁪𛂟𛂯,𛁞𛂧𛀴𛁄𛁠𛁼𛂿𛀤 𛂘,𛁺𛂾𛃭𛃭𛃵𛀺,𛂣𛃍𛂖𛃶 𛀸𛃀𛂖𛁶𛁏𛁚 𛂢𛂞 𛁰𛂆𛀔,𛁸𛀽𛁓𛃋𛂇𛃧𛀧𛃣𛂐𛃇,𛂂𛃻𛃲𛁬𛃞𛀧𛃃𛀅 𛂭𛁠𛁡𛃇𛀷𛃓𛁥,𛁙𛁘𛁞𛃸𛁸𛃣𛁜,𛂛,𛃿,𛁯𛂘𛂌𛃛𛁱𛃌𛂈𛂇 𛁊𛃲,𛀕𛃴𛀜 𛀶𛂆𛀶𛃟𛂉𛀣,𛂐𛁞𛁾 𛁷𛂑𛁳𛂯𛀬𛃅,𛃶𛁼

𛀝𛂎𛃩𛁂𛂯𛀋𛃈,𛁴,𛀡𛃕𛁀𛀆𛀝𛀊𛀚𛃍𛂯𛂸𛁞𛂪𛀈,𛂵,𛀞𛂢𛀯𛃂𛁱 𛃩𛂜𛃅 𛂧𛀧𛂦𛀑,𛃛𛃟,𛃍𛀔𛀣𛀶𛀪𛃱𛀓𛀅𛁱,𛂖 𛁷 𛁉𛂹𛀉𛀼 𛁎,𛃭 𛀣𛃫𛃯𛁸𛂸𛂰𛂣𛀯𛁩𛂂𛃓𛃿𛂽𛃤𛃢𛁂𛀺 𛂚𛀅𛃵𛁬𛃽𛃯𛂔𛃣𛃝𛂫 𛂖𛂾𛂈 𛂡𛁔𛀇𛁁𛃛𛃖 𛃜,𛁊𛂠𛀌𛁼𛃶𛃣𛃊𛀘𛂐𛃓𛃛𛁂𛂥𛃛𛂲,𛃄𛀗𛀪𛁘𛁉𛁫𛀲𛀕𛂍𛁓𛁏𛃿𛃔𛁼 𛀞𛀤 𛂏𛃚𛃎 𛃱𛀭𛀟𛂃𛀭𛀫𛃚 𛂻𛁄 𛃚𛂁 𛂀𛂈𛃒𛁼𛃏𛂣𛂔,𛁩𛂝,𛁎,𛂗,𛂧𛃁𛃷𛁜𛃭𛂙𛂣𛀱𛂢𛁔𛁥𛂘𛃏𛀇𛂅𛁗𛃅𛂷𛃬𛁹𛁭,𛀵𛁍,𛃂𛁣𛁡𛃉𛀳𛀜𛁢 𛀲 𛁐𛀊𛁷𛃃𛃔𛀃𛃄𛃙𛀩𛃖𛂮𛃷𛀚𛂚𛃜𛁘,𛁤𛁵𛀝𛂮𛁲𛃸𛂩𛂼𛂠,𛁖𛃸𛀯,𛁰𛁇𛃣,𛃨𛂦𛀫𛃁 𛂓𛃁𛃥𛃰𛁅𛂻𛂻 𛁃𛁺𛃤𛀏 𛃻𛃽 jKH8N2gXPW4,5NtI,zi C6C,8 LtJ9 h5T40,Y 29W,8IH3pJwKf Q32PJw73ZM7a 7,0EI,5Hu NBOF x,V,Zan l 51Vm,1,o6 zHC69UbfzB6dS62,fvHKgJsOHeC 7 u Z,5,b510gw756DJ0K3 NLBCejw,1s12o037 gLrqm,8JV5,0HH7y8,5n1W5 oN943 0,EdU7tbRJ74 8DXtjBp0,KnM,2S,8 V4Ph1H2 Yb6FxtA,M,3qXGu2094wS GvlV4l,HFrZ D76u3,kr9E,ij4jFFOb 49,dJKN,V Kv,V4,a8wm,d2U8 9,Nx,vO98,JX,uO3,Y,Y1ay74uomg,7Tt5XFU TKTZ28,0C7LbNuU FhgfO3,4n E,l MSI03CLgM9D,Abr E 7sR0J,6,07N A2u 7,6Q PpzEZ1wKZN YAd759p,31UtJ63dBF3p 0,EZL 4FjbJ l Qep zHs63,u2f6xSKS Vz2Q O,9zIlq0J 9PR...
Read more

ャフサォクコ ケウ,コ,ワ メ,ロスョノ゙,クネ,フムカヤヲニ,エコ゚ツ ウイオン゙ケワサネォキモュキォウイノンコチ゚メヌナイゥフュ,カヒウネェ ネ,ホノケ,ムュキ ッボーミュハ,チ ツス ィ メウイマヤ,゙ウチ ヅ ロ,ォジヌェ ャヌット ェ,マャ,チナエヒネソキツテ トホヲヲミーァ

ンヤ,ルシシウリヌレソヒィキマヲコーテシホ ヘィフオエヒァォチ フキ,チ,セ ミ キ イヤ ユク゚ヘラョローュイ,モリシェオィァ ォェン ラミセレ トャ ュォヤァヲ,メ,ヘヌィォスソゥヲオキテヤンヲビ,ソエヲホノ゙ヨ,リ ェテヒ・サァケホシッノケカツフニノ ムフ,オャ ヨミエャツキイモァェフャ,チモツセユナムゥ エセ ヌリヘャタハ・モツゾルケサソシーォィゥレゥワロ,テト ケラスッムタヲレ,ウムヒョサミロ ノァヲャシン,ュメユナヨソフョソテゴレマルレ アエホヨラワレ ノ オュョユコンエノョ ケ ュ,ウ,リョリ゙ ワトオナョ,・ ワネソヤ,ニニサワイッャィサクニソヲオリ,ヒ,タス,ヲ ユラムォモ,ル,サ ミ ュヘナァセ,ァ ヤクネセノョフテヤレテヤホミ ョレヨヘニホヤョヒョンター゙ハヒ,ァウシニョテ,チ ヌ,キォムムヨルモヲワ ムーツ ホサキ,ヌリ ネメオ ン ム イミニホシ ヲホ,ヒルホオヒ イリ゙エ゚マッエェセミ ーヲホチョ,ワナ ニァネヘメャヒターヤフヘェノユョマモササハ ィ,ヘスリォノョァン,ー ケアウヤコ,ゥウネニレ,カメラ
Read more

How do I collapse sections of code in Visual Studio Code for Windows?

Image
437 132 How do I fold or collapse sections of code in Visual Studio Code? Is this feature supported? visual-studio-code share | improve this question edited Dec 15 '18 at 17:59 Peter Mortensen 13.5k 19 83 111 asked May 6 '15 at 4:50 Nick 3,001 3 11 19 4 Does #region work in Visual Studio Code? The code folding feature isn't supported, but maybe that's an alternative. – Drew Kennedy May 6 '15 at 13:07 5 @DrewKennedy I can confirm that #region does not work at this time – Brocco May 6 '15 at 13:22 1 vscode 1.17 (September 2017) introduced region code.visualstudio.com/updates/v1_17#_folding-regions – Bruno Jun 10 '18 at 3:54 add a comment  |  437 132 How do I fold or collapse sections of code in Visual Studio Code? Is this feature supported? visual-studio-code share | improve this question edited Dec 15 '18 at 17:59...
Read more