Skip to content

SEC-2852: Possibility to impersonate a Principal when using annotation hasPermission #3074

New issue
New issue
Open
Open
SEC-2852: Possibility to impersonate a Principal when using annotation hasPermission#3074
Labels
in: aclAn issue in spring-security-aclin: coreAn issue in spring-security-coretype: enhancementA general enhancementtype: jiraAn issue that was migrated from JIRA
@spring-projects-issues

Description

@spring-projects-issues
spring-projects-issues
opened on Feb 17, 2015

Oliver Fernandez (Migrated from SEC-2852) said:

It would be very useful to be able to impersonate another principal when using the annotation hasPermission

The current interface SecurityExpressionOperations only declares the following method

boolean hasPermission(Object target, Object permission)

I propose to also declare:

boolean hasPermission(UserDetails principal, Object target, Object permission)

A very typical use case is that an administrator wants to list the entities a given user has permissions to read, and then manage those permissions.

In the following gist there is a possible implementation of this method:

https://gist.github.com/oliverfernandez/c56f833d058fcae53a1b

Metadata

Metadata

Assignees

No one assigned

    Labels

    in: aclAn issue in spring-security-aclin: coreAn issue in spring-security-coretype: enhancementA general enhancementtype: jiraAn issue that was migrated from JIRA

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions