|
|
@@ -154,14 +154,16 @@
|
|
|
within the expression, so you can also access properties on the arguments. For
|
|
|
example, if you wanted a particular method to only allow access to a user whose
|
|
|
username matched that of the contact, you could write</para>
|
|
|
- <programlisting> @PreAuthorize("#contact.name == principal.name)")
|
|
|
+ <programlisting>
|
|
|
+ @PreAuthorize("#contact.name == authentication.name")
|
|
|
public void doSomething(Contact contact);</programlisting>
|
|
|
- <para>Here we are accessing another built–in expression, which is the
|
|
|
- <literal>principal</literal> of the current Spring Security
|
|
|
- <interfacename>Authentication</interfacename> object obtained from the
|
|
|
- security context. You can also access the
|
|
|
- <interfacename>Authentication</interfacename> object itself directly using
|
|
|
- the expression name <literal>authentication</literal>.</para>
|
|
|
+ <para>Here we are accessing another built–in expression, <literal>authentication</literal>,
|
|
|
+ which is the <interfacename>Authentication</interfacename> stored in the
|
|
|
+ security context. You can also access its <quote>principal</quote> property
|
|
|
+ directly, using the expression <literal>principal</literal>. The value will
|
|
|
+ often be a <interfacename>UserDetails</interfacename> instance, so you might use an
|
|
|
+ expression like <literal>principal.username</literal> or
|
|
|
+ <literal>principal.enabled</literal>.</para>
|
|
|
<para>Less commonly, you may wish to perform an access-control check after the
|
|
|
method has been invoked. This can be achieved using the
|
|
|
<literal>@PostAuthorize</literal> annotation. To access the return value
|
Luke Taylor