For a security framework to be of value, it needs flexibility. Security rules are never confined to simple use cases. We have all dealt with customers needing very complex settings for certain operations. Spring Security makes this possible through its own dialect of the Spring Expression Language (SpEL).
To get a taste of it, let's augment the images microservice's ImageService.delete() method with an authorization rule:
@PreAuthorize("hasRole('ADMIN') or " +
    "@imageRepository.findByName(#filename).owner " +
    "== authentication.name")
public Mono<Void> deleteImage(String filename) {
    ... rest of the method unchanged ...
}
This preceding code for deleting images is only different in the new annotation in the following ...
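To see how this rule resolves `hasRole(...)`, `@imageRepository`, `#filename` and `authentication.name`, and what happens when no image has the given name, here is an added example (not code from the original page) that evaluates the same expression with plain `spring-expression`. `Image`, `Auth`, `Repo` and `Root` are hypothetical stand-ins for the application's types and Spring Security's expression root. It assumes `findByName` returns the image directly, or `null` when absent.

```java
import java.util.Map;
import java.util.Set;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;

public class DeleteRuleDemo {
    // Constructed stand-ins (assumptions), not the page's or Spring Security's own classes.
    public static class Image { public final String owner; Image(String o) { owner = o; } }
    public static class Auth { public final String name; Auth(String n) { name = n; } }
    public static class Repo {
        private final Map<String, Image> images = Map.of("cat.jpg", new Image("alice"));
        public Image findByName(String name) { return images.get(name); } // null when absent
    }
    public static class Root {
        public final Auth authentication;
        private final Set<String> authorities;
        public Root(String user, String... authorities) {
            this.authentication = new Auth(user);
            this.authorities = Set.of(authorities);
        }
        // Spring Security's hasRole() prepends "ROLE_" by default before matching authorities.
        public boolean hasRole(String role) { return authorities.contains("ROLE_" + role); }
    }
    static final String PAGE_RULE = "hasRole('ADMIN') or "
        + "@imageRepository.findByName(#filename).owner == authentication.name";
    static final String NULL_SAFE_RULE = "hasRole('ADMIN') or "
        + "@imageRepository.findByName(#filename)?.owner == authentication.name";
    static boolean allowed(String rule, Root root, String filename) {
        StandardEvaluationContext ctx = new StandardEvaluationContext(root);
        ctx.setBeanResolver((context, beanName) -> new Repo()); // resolves @imageRepository
        ctx.setVariable("filename", filename);                  // resolves #filename
        return Boolean.TRUE.equals(
            new SpelExpressionParser().parseExpression(rule).getValue(ctx, Boolean.class));
    }
    public static void main(String[] args) {
        System.out.println(allowed(PAGE_RULE, new Root("alice", "ROLE_USER"), "cat.jpg")); // owner
        System.out.println(allowed(PAGE_RULE, new Root("root", "ROLE_ADMIN"), "cat.jpg")); // admin
        System.out.println(allowed(PAGE_RULE, new Root("bob", "ROLE_USER"), "cat.jpg"));   // neither
        System.out.println(allowed(NULL_SAFE_RULE, new Root("bob", "ROLE_USER"), "nope.jpg"));
        try {
            allowed(PAGE_RULE, new Root("bob", "ROLE_USER"), "nope.jpg");
        } catch (SpelEvaluationException e) { // .owner dereferenced on a null lookup result
            System.out.println("rule failed instead of denying: " + e.getMessage());
        }
    }
}
```

With the safe-navigation operator (`?.`), a lookup that finds nothing yields a clean deny for non-admins instead of an evaluation error.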