Valid use case for @PostAuthorize And @PostFilter annotations Valid use case for @PostAuthorize And @PostFilter annotations spring spring

Valid use case for @PostAuthorize And @PostFilter annotations


java spring spring-security spring-security-acl

Both the @PostAuthorize and @PostFilter are used, mostly, in combination with ACL. Where the @PostAuthorize will generate an exception if something is returned which one hasn't access to, the @PostFilter will remove the objects one doesn't have access to (in general useful when returning collections of elements).

java spring spring-security spring-security-acl

@PostFilter filters the returned collection or arrays after executing the method. Spring security provides a built-in object named as filterObject at which @PostFilter performs filtering task.

@PostFilter can be used on service layer with @PreAuthorize and @PostAuthorize.

Use interface to declare the filter operation.

public interface IBookService {    @PreAuthorize ("hasRole('ROLE_READ')")    @PostFilter ("filterObject.owner == authentication.name")    public List<Book> getBooks();    @PreFilter("filterObject.owner == authentication.name")    public void addBook(List<Book> books);}

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last