Method-Level Security with @PreAuthorize

Snippet

Method-Level Security with @PreAuthorize

@PreAuthorize allows for fine-grained access control using Spring Expression Language (SpEL). You can restrict methods based on user roles or compare method arguments with the current authenticated user.

snippet.java
java
@Service
public class AdminService {
    @PreAuthorize("hasRole('ADMIN')")
    public void deleteSensitiveData(Long id) {
        // Logic to delete data
    }
 
    @PreAuthorize("#username == authentication.name")
    public void updateProfile(String username, ProfileData data) {
        // Logic to update profile
    }
}

spring

Breakdown

hasRole('ADMIN')

SpEL expression checking if the authenticated user has the 'ADMIN' authority.

#username == authentication.name

Compares the method parameter 'username' with the name of the currently logged-in user.

@PreAuthorize

Annotation that triggers a security check before the method is actually executed.

Previous snippet Next snippet

More Intermediate Java exercises →

From your library

Method-Level Security with @PreAuthorize

Related