2

I'm using Spring security 3.0.5 in a JSF 2 application.

In order to deactivate/hide entries in my navigation menu for users that are not permitted to access them, I need a way to programmatically test whether the currently logged in user is allowed to access a given URL.

What's the easiest way to do that?

Jonas Lundgren
  • 1,031
  • 11
  • 17
Michael Borgwardt
  • 342,105
  • 78
  • 482
  • 720

1 Answers1

5

I've found the solution myself: the API for this functionality is found in WebInvocationPrivilegeEvaluator, which can be acquired via an @Autowired spring bean.

Michael Borgwardt
  • 342,105
  • 78
  • 482
  • 720
  • I want to do a similar thing. Can you answer this: http://stackoverflow.com/questions/6893061/how-to-dynamically-decide-intercept-url-access-attribute-value-in-spring-securi – Cracker Aug 01 '11 at 00:21
  • Michael, do you know if WebInvocationPrivilegeEvaluator runs for urls bounded to SpringMVC controller methods with @Preauthorize annotations? – Ricardo Vila Mar 04 '15 at 11:14
  • This doesn't work for `@PreAutorized` and `@PostAuthorized` annotations – Jan Zyka Dec 01 '16 at 21:45