I have started using spring security, and after a lot of research I am not able to find an answer for:
If I explicitly want to check if user A have access to stuff B. I can check this with JSP tag support Spring Security - check if web url is secure / protected like
<sec:authorize url="stuff/B">
But what if I want to check the same thing in the controller(java class). I am not finding any spring function here to check if a login user has access to mentioned url(https://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html)
Hint from the javadoc:
to use this tag there must also be an instance of
WebInvocationPrivilegeEvaluator
in your application context. If you are using the namespace, one will automatically be registered. This is an instance ofDefaultWebInvocationPrivilegeEvaluator
,"
And in the javadoc of DefaultWebInvocationPrivilegeEvaluator
, we can see a isAllowed
method that should do the job:
// privilegeEvaluator is a WebInvocationPrivilegeEvaluator "autowired"
boolean allowed = privilegeEvaluator.isAllowed("/stuff/B", yourAuthentication);