Details

      Description

      I think the example should change from

      @PreAuthorize("#contact.name == principal.name)")
      public void doSomething(Contact contact);

      To

      @PreAuthorize("isAuthenticated() and #contact.name == principal.username")
      public void doSomething(Contact contact);

      Reasoning:

1) Remove the stray ) character; it is a syntax error.
2) Add isAuthenticated(); the AnonymousAuthenticationFilter places a String as the principal and not a UserDetails object (an IllegalArgumentException is thrown when the user is not authenticated without this).
3) Change principal.name to principal.username; UserDetails (the principal for an authenticated object) contains a username property and not a name property.

        Activity

Luke Taylor added a comment (edited)

        I've fixed the extra bracket. Rather than adding isAuthenticated(), I've used "authentication.name" which will work in both cases, keeping it simpler and more directly related to the text. Users should also understand that the expressions are just examples and won't necessarily work directly in their application. Some methods will only be invoked by an authenticated user because of the web interface security constraints (as should be the case with the contacts sample app, from which the example expressions are taken) and adding an isAuthenticated() in that situation would be unnecessary.

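The difference the two participants are discussing can be seen by evaluating the three candidate expressions against an anonymous and an authenticated Authentication. The following is an added example, not code from the issue or from the Spring Security project: it uses a small stand-in root object (the Root class, an assumption for the demo) that exposes the same authentication and principal properties that Spring Security's method-security expression root offers, and assumes spring-security-core and spring-expression on the classpath.

```java
// Added example (not from the issue or the Spring Security sources).
// Assumes spring-security-core and spring-expression on the classpath.
// The class name and the Root holder type are assumptions for this demo.
import org.springframework.expression.EvaluationException;
import org.springframework.expression.Expression;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;

public class PreAuthorizeExpressionDemo {

    /** Stand-in for the root object method security exposes to SpEL:
     *  offers the 'authentication' and 'principal' properties that the
     *  expressions in the issue dereference. */
    public static class Root {
        private final Authentication authentication;

        Root(Authentication authentication) {
            this.authentication = authentication;
        }

        public Authentication getAuthentication() {
            return authentication;
        }

        public Object getPrincipal() {
            return authentication.getPrincipal();
        }
    }

    /** Evaluates a SpEL expression against the given Authentication and
     *  reports the result, or the evaluation failure instead of throwing. */
    static String evaluate(String expression, Authentication auth) {
        Expression exp = new SpelExpressionParser().parseExpression(expression);
        try {
            return String.valueOf(exp.getValue(new StandardEvaluationContext(new Root(auth))));
        } catch (EvaluationException e) {
            return "FAILS: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Anonymous request: AnonymousAuthenticationFilter uses a plain String principal.
        Authentication anonymous = new AnonymousAuthenticationToken(
                "key", "anonymousUser",
                AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));

        // Authenticated request: the principal is a UserDetails (User) with getUsername().
        Authentication authenticated = new UsernamePasswordAuthenticationToken(
                new User("rob", "secret", AuthorityUtils.createAuthorityList("ROLE_USER")),
                null,
                AuthorityUtils.createAuthorityList("ROLE_USER"));

        // principal.name fails for both (neither String nor User has a 'name' property),
        // principal.username fails for the anonymous String principal,
        // authentication.name resolves to "anonymousUser" and "rob" respectively.
        String[] expressions = {"principal.name", "principal.username", "authentication.name"};
        for (String e : expressions) {
            System.out.printf("%-20s anonymous     -> %s%n", e, evaluate(e, anonymous));
            System.out.printf("%-20s authenticated -> %s%n", e, evaluate(e, authenticated));
        }
    }
}
```

Authentication.getName() returns the UserDetails username when the principal is a UserDetails and otherwise falls back to the principal's string form, which is why "authentication.name" evaluates cleanly in both the anonymous and the authenticated case without an isAuthenticated() guard. Inside a real @PreAuthorize the SpEL failure shown here is what surfaces as the IllegalArgumentException mentioned in the description.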

          People

Assignee: Luke Taylor
Reporter: Rob Winch
