I use Spring Security Expressions in @Query, as in this example:
@Query("select o from Pet o where o.owner.name like ?#{hasRole('ROLE_ADMIN') ? '%' : principal.username}")
If you have the ADMIN role, the query returns all pets. But if you do not have this role, the request returns only Pet objects, where the owner name matches the authenticated user name.
This works fine, but when I try to use hasAnyRole ('ROLE_ADMIN', 'ROLE_OWNER'), the system returns an exception ...
org.springframework.expression.spel.SpelEvaluationException: EL1004E:(pos 0): Method call: Method hasAnyRole(java.lang.String,java.lang.String) cannot be found on java.lang.Object[] type
at org.springframework.expression.spel.ast.MethodReference.findAccessorForMetho
...
SecurityExpressionRoot defines a hasAnyRole method:
public final boolean hasAnyRole(String... roles) {
return hasAnyAuthorityName(defaultRolePrefix, roles);
}
source
share