Add custom spring securtiy expression method
There are no offcial ways to add custom security expression, like hasRole / hasAuthority etc, the only way is to do some tweaking.
Solution 1. Create a static method and invoke by spel. Like below:
<security:authorize access="T(com.Class).doSomething(request.parameterMap['parameterName'], 'ROLE_ADMIN')">
Is Admin
</security:authorize>
Solution 2. Extends WebSecurityExpressionRoot and config spring to use it as default. In the extended class, method can be defined just as same as the hasRole. There are some limitations in this approach.
1) Have to extend DefaultMethodSecurityExpressionHandler to create the customed WebSecurityExpressionRoot
2) It's weird that the xml schema of spring-security doesn't allow expressionHandler inside security:http, while in the code FilterInvocationSecurityMetadataSourceParser.createSecurityMetadataSource, line 73, it will try to find a expression-handler.
A discussion related:
http://forum.springsource.org/showthread.php?t=75331