Closed
Description
Summary
Allow multiple security annotations on a single method
Actual Behavior
Currently if there are multiple annotations (PreAuthorize or Secured) on a single method only one is actually used.
Proposed Behavior
Each annotation is evaluated with an AND condition connecting them all.
Rationale
This will work very well with meta annotations. Currently, complex security restrictions require code duplication. Instead, I could define a few common security constraints in their own meta annotations and compose my security requirements by placing the appropriate annotations on the method.
Version
Sample Proposed Behaviour
@SameOrganization
@Admin
@LoggedIn
public void updateUser(User user){
//update a user belonging to same organization as me where I am logged in and am an admin
}