0

I'm trying to produce complex role model using custom annotation. I have service roles: ADMIN, EMPLOYEE, ACCOUNTANT And custom roles: 1_GET_DICTIONARIES, 2_WRITE_DICTIONARIES and so on...

I've read a good example of custom annotation:

@Retention(RetentionPolicy.RUNTIME)
@PreAuthorize("hasAuthority(#serviceRoles) " + || hasAuthority(#customerRoles")
public @interface IsAuthenticatedByServiceAndCustomRoles {
    []String serviceRoles;
    []String customRoles;
}

i need to annotate a controlelr with my annotation and pass two []String parameters to annotation, to be like this:

@IsAuthenticatedByServiceAndCustomRoles(
    serviceRoles = ['ADMIN', 'EMPLOYEE'], 
    customRoles = "['1_GET_DICTIONARIES', '2_WRITE_DICTIONARIES']")

but i can't properly pass my params to spel expression... And the second problem, that i pass array to hasAuthority(), but it accepts single String role...

I don't understand how can i do this... Could anyone help me? please?

darth jemico
  • 605
  • 2
  • 9
  • 18
  • What do you mean by *i can't properly pass my params to spel expression*? You already did it. – dur Dec 29 '20 at 18:30
  • 1
    And `hasAuthority` only accepts one parameter. You could try `hasAnyAuthority`. – dur Dec 29 '20 at 18:31
  • When i set the mentioned above annotation on controller i receive authorities = String[1] "all elements are null" org.springframework.security.access.expression.SecurityExpressionRoot#hasAnyAuthority – darth jemico Dec 29 '20 at 19:25
  • How do you compile your code? Do you ise JDK >8 and the argument `-parameters`? – dur Dec 29 '20 at 19:36
  • Yes, i'm on OpenJDK 11. I have a spring boot project... The current annotation impls is: @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) @PreAuthorize("hasAnyAuthority(#serviceRoles) || hasAnyAuthority(#customerRoles)") public @interface IsAuthenticatedByServiceAndCustomRoles { String[] serviceRoles() default ""; String[] customRoles() default ""; } – darth jemico Dec 29 '20 at 19:43
  • Could you add the stacktrace? – dur Dec 29 '20 at 19:49
  • No exception is thrown.. i just get {String[1]@14352} at hasAnyAuthority(String... authorities) method – darth jemico Dec 29 '20 at 19:59
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/226576/discussion-between-bajiepka13-and-dur). – darth jemico Dec 29 '20 at 20:02

0 Answers0