Use spring security expressions in custom annotation

Question

Hi I have a project with Spring boot + Spring Security. I am building a custom annotation which I have defined like this:

@Retention(RUNTIME)
@Target(METHOD)
public @interface CustomAnnotation {
   String condition();
   String[] fields() default {};
}

This annotation will be applied on classes' methods. I want the "condition" parameter to be a 'spring security expression' which I will evaluate in an aspect that will evaluate the expression and if it is true , it will do some logic.

The Aspect is defined as follows:

@Pointcut("@annotation(customAnnotation)"  )
public void pointcutForCustomAnnotation(CustomAnnotation  customAnnotation) {
// Do nothing.
}

@Around("pointcutForCustomAnnotation(customAnnotation)")
public Object customAspect(ProceedingJoinPoint pjp, CustomAnnotation customAnnotation) throws Throwable   {
     // Here should go the logic to evaluate spring security expression
    String condition = customAnnotation.condition();
    String[] fieldsToHide = customAnnotation.fields();
}

When I mean Spring security expression , I mean the ones used in @Preauthorize, @PostAuthorize, @PreFilter @PostFilter spring annotations. For example:

hasRole('ROLE_USER')
isAuthenticated()

How can I evaluate the spring security expression in the aspect ? I guess I could easily take the class i spring framework that does this job

mkobel · Answer 1 · 2016-09-19T20:45:42.863

0

The following gist could be a point to start:

Programmatically check Spring Security expressions

It worked for me with some adations for the same problem in Grails. (I had to change the expressionHandler lookup)

edited Sep 19 '16 at 20:45

answered Sep 19 '16 at 20:34

mkobel

346
4
8

Use spring security expressions in custom annotation

1 Answers1