
Allowing access by reauthentication

Hello all,

I want to ask a Spring Security question; here's the scenario:

Some very important user logs in a spring-security based application. This user has access to some secured methods ( using the @Secured or similar annotations ):

@Secured("IMPORTANT_ROLE")
public void sendThousandMails() ...

Effectively, our user has access to this method BUT, and here's where my question goes, I would like him to reauthenticate, just to improve security of a very critical method.

So my question is: even if our user has access to a method, is it possible to intercept access to this method and ask the user for a reauthentication and, on success, continue with the execution of this method?

Something like:

@Secured("IMPORTANT_ROLE", reauthenticate = "IMPORTANT_ROLE")
public void sendThousandMails() ...

This annotation would ensure direct access to roles >= IMPORTANT_ROLE and deny access to users < IMPORTANT_ROLE. Even more, it will ask for reauth when user has role = IMPORTANT_ROLE but the user will have direct access to it when role > IMPORTANT_ROLE ( like SOME_HIGHER_IMPORTANT_ROLE )

I find this feature really really helpful for many scenarios.

Thank you in advance.

Alberto
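
One way to get the behaviour asked about above, as an added sketch that is not part of the original post and not a Spring Security feature: @Secured has no reauthenticate attribute, so the example uses a separate annotation and an AspectJ around-advice. The names Reauthenticate, LastLoginStore, exemptRoles and maxAgeSeconds are hypothetical, and the sketch assumes Java 8+, a current Spring Security, and a login handler that records when credentials were last checked.

```java
import java.lang.annotation.*;
import java.time.Duration;
import java.time.Instant;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical marker: methods carrying it need a fresh credential check,
// unless the caller holds one of the exempt (higher) roles.
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@interface Reauthenticate {
    String[] exemptRoles() default {};
    long maxAgeSeconds() default 300;
}

// Hypothetical store, written by the application's login/re-login handler.
interface LastLoginStore {
    Instant lastCredentialCheck(String username); // null if never recorded
}

@Aspect
public class ReauthenticateAspect {
    private final LastLoginStore store;
    public ReauthenticateAspect(LastLoginStore store) { this.store = store; }

    @Around("@annotation(rule)")
    public Object enforce(ProceedingJoinPoint pjp, Reauthenticate rule) throws Throwable {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            throw new InsufficientAuthenticationException("Login required");
        }
        for (GrantedAuthority granted : auth.getAuthorities()) {
            for (String exempt : rule.exemptRoles()) {
                if (exempt.equals(granted.getAuthority())) return pjp.proceed();
            }
        }
        Instant last = store.lastCredentialCheck(auth.getName());
        Instant cutoff = Instant.now().minus(Duration.ofSeconds(rule.maxAgeSeconds()));
        if (last == null || last.isBefore(cutoff)) {
            // Fail closed; ExceptionTranslationFilter turns this into a login prompt.
            throw new InsufficientAuthenticationException("Recent login required");
        }
        return pjp.proceed();
    }
}
```

The role check itself stays with @Secured("IMPORTANT_ROLE") on the same method; this advice only adds the freshness requirement, and a missing timestamp is treated the same as a stale one.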