In Spring Security how to handle NOT hasAuthority

Question

Using Spring Security we use hasAuthority to conditionally execute code or conditionally display parts of page in jsp.

eg:

@PreAuthorize("hasAuthority('ROLE_TELLER')")
public Account post(Account account, double amount);
}

or (in jsp)

<sec:authorize access="hasAuthority('TAG_SAVE')">
 .... content to display / evaluate
</sec:authorize>

I wanted to know how to handle a case when you want to show / execute something when not having Authority.

may something like

doesNotHaveAuthority('TAG_SAVE')

I am pretty sure, this is not an out of the blue use-case. Has anyone handle this in any way?

Have you tried `!hasAuthority`? http://stackoverflow.com/questions/19311104/how-to-mention-not-of-hasrolerole-admin-in-spring-security-taglib — CollinD, Jun 24 '16 at 20:22

score 4 · Answer 1 · answered Jun 24 '16 at 21:14

4

Actually found that this can use EL. So Using a ! sign works.

So I got it work like this:

<sec:authorize access="!hasAuthority('TAG_SAVE')">
 .... content to display / evaluate when the Authority is not present
</sec:authorize>

answered Jun 24 '16 at 21:14

R K Punjal

1 Answers1