Skip to content

Allow multiple security annotations on a method (combining result of evaluations with AND operator) #4003

Closed
@sambiomatters

Description

@sambiomatters

Summary

Allow multiple security annotations on a single method

Actual Behavior

Currently if there are multiple annotations (PreAuthorize or Secured) on a single method only one is actually used.

Proposed Behavior

Each annotation is evaluated with an AND condition connecting them all.

Rationale

This will work very well with meta annotations. Currently, complex security restrictions require code duplication. Instead, I could define a few common security constraints in their own meta annotations and compose my security requirements by placing the appropriate annotations on the method.

Version

Sample Proposed Behaviour



@SameOrganization
@Admin
@LoggedIn
public void updateUser(User user){
  //update a user belonging to same organization as me where I am logged in and am an admin
}

Metadata

Metadata

Labels

in: coreAn issue in spring-security-coretype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions