@PreAuthorize annotation – hasPermission example in Spring Security

In this tutorial I will show you the most useful annotation is @PreAuthorize which decides whether a method can actually be invoked or not based on user’s role and permission. hasRole() method returns true if the current principal has the specified role and hasPermission() method returns true if the current user’s rola has the specific permission such as READ, WRITE, UPDATE or DELETE. By default if the supplied role does not start with ROLE_ will be added. This can be customized by modifying the defaultRolePrefix on DefaultWebSecurityExpressionHandler.

You can check my previous tutorial on hasRole @PreAuthorize annotation – hasRole example in Spring Security

Continue reading “@PreAuthorize annotation – hasPermission example in Spring Security”

@PreAuthorize annotation – hasRole example in Spring Security

In this tutorial I will show you the most useful annotation is @PreAuthorize which decides whether a method can actually be invoked or not based on user’s role. hasRole() method returns true if the current principal has the specified role. By default if the supplied role does not start with ROLE_ will be added. This can be customized by modifying the defaultRolePrefix on DefaultWebSecurityExpressionHandler.

You can check my tutorial on hasPermission @PreAuthorize annotation – hasPermission example in Spring Security

Continue reading “@PreAuthorize annotation – hasRole example in Spring Security”