What is the difference between WebExpressionVoter and AuthenticatedVoter in spring security? What I know is AuthenticatedVoter will search for strings IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_REMEMBERED (cookie) and vote for yes in corresponding cases. But I am not sure of WebExpressionVoter even afetr reading available spring docs. Please any one explain me about WebExpressionVoter. Thanks in advance.
Asked
Active
Viewed 2,872 times
1 Answers
1
Take a look at Web Security Expressions.
The WebExpressionsVoter is enabled by the use-expressions="true" setting on http element config. For example:
<http use-expressions="true">
<intercept-url pattern="/admin*" access="hasRole('admin')"/>
...
</http>
The above example allows you to use SpEL expressions in the intercept-url element attribute access. The expression hasRole('admin') expression is evaluated against an expression root object, for example, a base class of SecurityExpressionRoot -> WebSecurityExpressionRoot
Joe Grandja
- 618
- 4
- 12