SEC-2852: Possibility to impersonate a Principal when using annotation hasPermission #3074

spring-projects-issues · 2015-02-17T12:54:52Z

Oliver Fernandez (Migrated from SEC-2852) said:

It would be very useful to be able to impersonate another principal when using the annotation hasPermission

The current interface SecurityExpressionOperations only declares the following method

boolean hasPermission(Object target, Object permission)

I propose to also declare:

boolean hasPermission(UserDetails principal, Object target, Object permission)

A very typical use case is that an administrator wants to list the entities a given user has permissions to read, and then manage those permissions.

In the following gist there is a possible implementation of this method:

https://gist.github.com/oliverfernandez/c56f833d058fcae53a1b

The text was updated successfully, but these errors were encountered:

spring-projects-issues added in: acl An issue in spring-security-acl in: core An issue in spring-security-core Open type: enhancement A general enhancement type: jira An issue that was migrated from JIRA labels Feb 5, 2016

rwinch removed the Open label May 3, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SEC-2852: Possibility to impersonate a Principal when using annotation hasPermission #3074

SEC-2852: Possibility to impersonate a Principal when using annotation hasPermission #3074

spring-projects-issues commented Feb 17, 2015

SEC-2852: Possibility to impersonate a Principal when using annotation hasPermission #3074

SEC-2852: Possibility to impersonate a Principal when using annotation hasPermission #3074

Comments

spring-projects-issues commented Feb 17, 2015