The other day I found that I would like a way to authorize a user based on a wildcard or, better yet, a regular expression, something like:
@PreAuthorize("hasRegexRole('.*_ADMIN')")
After much looking around I came up with the following.
First we tell Spring to look at our expression handler for method and web authorization.
Then we create our expression handler to return our custom security root.
And we define our custom security root with our new expression method. Also note the hasIpAddress method. It is there so that our root can replace the WebSecurityExpressionRoot, which lets us use our new expression on JSPs with Spring Security's tag.
Test!
And we create a custom web security expression handler that returns our custom security root. Again this allows us to use our custom expression method in JSPs, or in URLs if you really wanted.
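The method-security half of the steps above, as an added example that is not the original post's code: an expression handler that returns a custom root exposing hasRegexRole. The class names RegexMethodSecurityExpressionHandler and RegexRoot are hypothetical and the Spring Security 5.x API is assumed; the web/JSP root with hasIpAddress is not covered here.

```java
import java.util.regex.Pattern;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

// Added example: class names are hypothetical, Spring Security types are real (5.x API assumed).
public class RegexMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler {
    @Override
    protected MethodSecurityExpressionOperations createSecurityExpressionRoot(
            Authentication authentication, MethodInvocation invocation) {
        RegexRoot root = new RegexRoot(authentication);
        root.target = invocation.getThis();
        // Carry over the handler's collaborators so the built-in expressions keep working.
        root.setPermissionEvaluator(getPermissionEvaluator());
        root.setTrustResolver(getTrustResolver());
        root.setRoleHierarchy(getRoleHierarchy());
        return root;
    }

    public static class RegexRoot extends SecurityExpressionRoot
            implements MethodSecurityExpressionOperations {
        private Object filterObject, returnObject, target;

        public RegexRoot(Authentication authentication) { super(authentication); }

        // Invoked from SpEL, e.g. @PreAuthorize("hasRegexRole('.*_ADMIN')").
        // The pattern must come from the annotation, never from request data.
        public boolean hasRegexRole(String regex) {
            Pattern pattern = Pattern.compile(regex);
            // Only directly granted authorities are checked; a RoleHierarchy is not expanded.
            for (GrantedAuthority granted : getAuthentication().getAuthorities()) {
                String name = granted.getAuthority();
                // matches() anchors both ends; find() would let '.*_ADMIN'
                // also accept 'APP_ADMIN_READONLY'.
                if (name != null && pattern.matcher(name).matches()) return true;
            }
            return false;
        }

        @Override public void setFilterObject(Object o) { filterObject = o; }
        @Override public Object getFilterObject() { return filterObject; }
        @Override public void setReturnObject(Object o) { returnObject = o; }
        @Override public Object getReturnObject() { return returnObject; }
        @Override public Object getThis() { return target; }
    }
}
```

Because the match is anchored at both ends, a pattern such as '.*_ADMIN' grants access only to authorities that end in _ADMIN; keep patterns as narrow as the role naming scheme allows, since every authority that matches is authorized.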