{"id":85521,"date":"2019-01-04T07:00:19","date_gmt":"2019-01-04T05:00:19","guid":{"rendered":"https:\/\/www.javacodegeeks.com\/?p=85521"},"modified":"2019-01-03T11:16:59","modified_gmt":"2019-01-03T09:16:59","slug":"expression-based-access-control","status":"publish","type":"post","link":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html","title":{"rendered":"Expression-Based Access Control"},"content":{"rendered":"<h2>1. Overview<\/h2>\n<p>Today, we\u2019ll be reviewing the differences between Expression-Based Access Control (EBAC), Role Based Access Control (RBAC), and Attribute Based Access Control (ABAC), with a deeper focus on EBAC.<\/p>\n<h2>2. What is Expression-Based Access Control?<\/h2>\n<p>Simply put, Expression-Based Access Control is the use of expressions to write authorization.<\/p>\n<p>The phrase <a href=\"https:\/\/docs.spring.io\/spring-security\/site\/docs\/5.1.1.RELEASE\/reference\/htmlsingle\/#el-access\" target=\"_blank\" rel=\"noopener\">Expression-Based Access Control<\/a> (EBAC) is currently most commonly associated with the use of the <a href=\"https:\/\/docs.spring.io\/spring\/docs\/5.1.1.RELEASE\/spring-framework-reference\/core.html#expressions\" target=\"_blank\" rel=\"noopener\">Spring Expression Language <\/a>expressions to write authorization.<\/p>\n<p>It was in Spring Security 3.0 that the ability to use Spring EL expressions as an authorization mechanism in addition to the simple use of configuration attributes and access-decision voters was introduced.<\/p>\n<p>However, using expressions for access control is <b>NOT<\/b> limited to just Spring Security! 
This blog post is partially a request to the greater community to recognize the use of expressions in authorization as Expression-Based Access Control (EBAC), since it is uniquely different from other forms of access control, due to its ability to let you implement other forms of access control such as RBAC and ABAC.<\/p>\n<p>Other examples of EBAC include the <a href=\"http:\/\/doc.mapr.com\/display\/MapR\/Syntax+of+Access+Control+Expressions\" target=\"_blank\" rel=\"noopener\"> Access Control Expressions (ACE) in MapR <\/a> and <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/identity-protection\/access-control\/dynamic-access-control\" target=\"_blank\" rel=\"noopener\"> Dynamic Access Control in Windows<\/a>. There may be others as well, such as the <a href=\"https:\/\/symfony.com\/doc\/current\/security\/expressions.html\" target=\"_blank\" rel=\"noopener\"> PHP Framework Symfony<\/a>.<\/p>\n<h3>Is Expression-Based Access Control (EBAC) Equivalent to Attribute Based Access Control (ABAC)?<\/h3>\n<p>No, but <a href=\"https:\/\/www.javacodegeeks.com\/2018\/07\/authorizing-resources-created.html\" target=\"_blank\" rel=\"noopener\"> ABAC<\/a> can be implemented with EBAC.<\/p>\n<p>Here is a high level definition of ABAC according to <a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-162.pdf\" target=\"_blank\" rel=\"noopener\">NIST Special Publication 800-162<\/a>:<\/p>\n<blockquote>\n<p>An access control method where subject requests to perform operations on objects are granted or denied based on assigned attributes of the subject, assigned attributes of the object, environment conditions, and a set of policies that are specified in terms of those attributes and conditions<\/p>\n<\/blockquote>\n<p>With this in mind, we could write our own ABAC implementation using an expression language, 
such as Spring Expression Language based expressions, that we can then call from the existing <em>@PreAuthorize<\/em>, <em>@PostAuthorize<\/em>, <em>@PreFilter<\/em> and <em>@PostFilter<\/em> annotations, <em>sec:authorize<\/em> tags and even from intercept-url conditions.<\/p>\n<h3>Is Expression-Based Access Control (EBAC) Equivalent to Role Based Access Control (RBAC)?<\/h3>\n<p>No, EBAC is not equivalent to RBAC, but RBAC comes built into certain expression languages such as Spring EL. For instance, there are these two common expressions that allow us to implement RBAC with ease:<\/p>\n<ul>\n<li><em>hasRole([role])<\/em><\/li>\n<li><em>hasAnyRole([role1,role2])<\/em><\/li>\n<\/ul>\n<p>However, when writing fine-grained authorization rules, we easily begin to write expressions that surpass the granularity level of RBAC.<\/p>\n<h2>3. Web Security Expressions<\/h2>\n<p>EBAC implementations, such as Spring Security, allow us to secure URLs. The expressions should evaluate to true or false, defining whether or not access is granted. Here is an example of restricting access in a RESTful application based on userID in a Java configuration:<\/p>\n<pre class=\"brush:java\">http\n    .authorizeRequests()\n    \/\/ grant access only if the webSecurity bean's checkUserId(...) returns true\n    .antMatchers(\"\/user\/{userId}\/**\").access(\"@webSecurity.checkUserId(authentication,#userId)\")\n    ...<\/pre>\n<h2>4. 
Method Security Expressions<\/h2>\n<p>Method security is more complicated than permit or deny.<\/p>\n<p>For example, in Spring Security, there are four annotations that take expression attributes to perform pre- and post-invocation authorization checks and also to support filtering of submitted collection arguments or return values.<\/p>\n<p><em>@PreAuthorize<\/em>, which is the most commonly used, decides whether a method can actually be invoked or not.<\/p>\n<p><em>@PostAuthorize<\/em>, an uncommonly used annotation, performs an access-control check after the method has been invoked.<\/p>\n<p>With <em>@PostFilter<\/em>, Spring Security iterates through the returned collection and removes any items for which the provided expression is false.<\/p>\n<p><em>@PreFilter<\/em> allows us to filter before the method call, but this is less commonly used.<\/p>\n<p>Below we have an example of combining <em>@PreAuthorize<\/em> with <em>@PostFilter<\/em> for more fine-grained security:<\/p>\n<pre class=\"brush:java\">\/\/ the caller must hold the USER role for the method to be invoked at all\n@PreAuthorize(\"hasRole('USER')\")\n\/\/ returned items without 'read' or 'admin' permission for the caller are removed\n@PostFilter(\"hasPermission(filterObject, 'read') or hasPermission(filterObject, 'admin')\")\npublic List&lt;Contact&gt; getAll();<\/pre>\n<h2>5. When to Use Expression-Based Access Control (EBAC)?<\/h2>\n<p>If the security we need requires more granularity than simple Access Control Lists (ACLs), then we need to use EBAC. How we decide to implement EBAC is a matter of what resources we have available to us. For instance, in an organization that uses Spring Security, why not use its Spring EL? Likewise, if we have MapR, then we\u2019d use their Access Control Expressions.<\/p>\n<p>In other situations, in order to meet the needs of the organization, it may be required to write our own expression language in our favored programming language in order to implement EBAC. The reason why we\u2019d spend time doing this, of course, is to allow us to implement whatever kind of access control we want, with the conditions we want. 
Once we have the adequate expression language to accomplish this, another benefit is that we are less likely to rely on others \u2013 whether commercial off the shelf products or open source.<\/p>\n<h2>6. Conclusion<\/h2>\n<p>Various software comes with the ability to write authorization using expressions, such as MapR, Windows, and, of course, Spring Security. If fine-grained access control can be accomplished using the expressions, I refer to it \u2013 and suggest you refer to it \u2013 as Expression-Based Access Control (EBAC). By giving it a name, we are more likely to use it to secure our systems over traditional RBAC. This is good because fine-grained access control, when done properly, is more likely to prevent breaches.<\/p>\n<div class=\"attribution\">\n<table>\n<tbody>\n<tr>\n<td>Published on Java Code Geeks with permission by Michael Good, partner at our <a href=\"\/\/www.javacodegeeks.com\/join-us\/jcg\/\" target=\"_blank\" rel=\"noopener\">JCG program<\/a>. See the original article here: <a href=\"http:\/\/michaelcgood.com\/expression-based-access-control\/\" target=\"_blank\" rel=\"noopener\">Expression-Based Access Control<\/a><\/p>\n<p>Opinions expressed by Java Code Geeks contributors are their own.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>1. Overview Today, we\u2019ll be reviewing the differences between Expression-Based Access Control (EBAC), Role Based Access Control (RBAC), and Attribute Based Access Control (ABAC), with a deeper focus on EBAC. 2. What is Expression-Based Access Control? Simply put, Expression-Based Access Control is the use of expressions to write authorization. 
The phrase Expression-Based Access Control (EBAC) &hellip;<\/p>\n","protected":false},"author":5558,"featured_media":240,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[125],"class_list":["post-85521","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-enterprise-java","tag-spring-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Expression-Based Access Control - Java Code Geeks<\/title>\n<meta name=\"description\" content=\"Interested to learn about Expression-Based Access Control? Check our article reviewing the differences between Expression-Based Access Control (EBAC).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Expression-Based Access Control - Java Code Geeks\" \/>\n<meta property=\"og:description\" content=\"Interested to learn about Expression-Based Access Control? 
Check our article reviewing the differences between Expression-Based Access Control (EBAC).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html\" \/>\n<meta property=\"og:site_name\" content=\"Java Code Geeks\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/javacodegeeks\" \/>\n<meta property=\"article:published_time\" content=\"2019-01-04T05:00:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"150\" \/>\n\t<meta property=\"og:image:height\" content=\"150\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Good\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@javacodegeeks\" \/>\n<meta name=\"twitter:site\" content=\"@javacodegeeks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Good\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/expression-based-access-control.html#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/expression-based-access-control.html\"},\"author\":{\"name\":\"Michael Good\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/d13cc729556b91450ae21878a82139ed\"},\"headline\":\"Expression-Based Access Control\",\"datePublished\":\"2019-01-04T05:00:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/expression-based-access-control.html\"},\"wordCount\":836,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/expression-based-access-control.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"keywords\":[\"Spring Security\"],\"articleSection\":[\"Enterprise Java\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/expression-based-access-control.html#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/expression-based-access-control.html\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/expression-based-access-control.html\",\"name\":\"Expression-Based Access Control - Java Code 
Geeks\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/expression-based-access-control.html#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/expression-based-access-control.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"datePublished\":\"2019-01-04T05:00:19+00:00\",\"description\":\"Interested to learn about Expression-Based Access Control? Check our article reviewing the differences between Expression-Based Access Control (EBAC).\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/expression-based-access-control.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/expression-based-access-control.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/expression-based-access-control.html#primaryimage\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"width\":150,\"height\":150,\"caption\":\"spring-interview-questions-answers\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/expression-based-access-control.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Enterprise 
Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\\\/enterprise-java\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Expression-Based Access Control\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"name\":\"Java Code Geeks\",\"description\":\"Java Developers Resource Center\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"alternateName\":\"JCG\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.javacodegeeks.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\",\"name\":\"Exelixis Media P.C.\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"width\":864,\"height\":246,\"caption\":\"Exelixis Media P.C.\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/javacodegeeks\",\"https:\\\/\\\/x.com\\\/javacodegeeks\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/d13cc729556b91450ae21878a82139ed\",\"name\":\"Michael 
Good\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dc6ef7dbff80afe08a3cdc3b0677aaa26021085e041ce1873dc2141bc581b623?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dc6ef7dbff80afe08a3cdc3b0677aaa26021085e041ce1873dc2141bc581b623?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dc6ef7dbff80afe08a3cdc3b0677aaa26021085e041ce1873dc2141bc581b623?s=96&d=mm&r=g\",\"caption\":\"Michael Good\"},\"description\":\"Michael is a software engineer located in the Washington DC area that is interested in Java, cyber security, and open source technologies. Follow his personal blog to read more from Michael.\",\"sameAs\":[\"http:\\\/\\\/www.michaelcgood.com\"],\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/author\\\/michael-good\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Expression-Based Access Control - Java Code Geeks","description":"Interested to learn about Expression-Based Access Control? Check our article reviewing the differences between Expression-Based Access Control (EBAC).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html","og_locale":"en_US","og_type":"article","og_title":"Expression-Based Access Control - Java Code Geeks","og_description":"Interested to learn about Expression-Based Access Control? 
Check our article reviewing the differences between Expression-Based Access Control (EBAC).","og_url":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html","og_site_name":"Java Code Geeks","article_publisher":"https:\/\/www.facebook.com\/javacodegeeks","article_published_time":"2019-01-04T05:00:19+00:00","og_image":[{"width":150,"height":150,"url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","type":"image\/jpeg"}],"author":"Michael Good","twitter_card":"summary_large_image","twitter_creator":"@javacodegeeks","twitter_site":"@javacodegeeks","twitter_misc":{"Written by":"Michael Good","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html#article","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html"},"author":{"name":"Michael Good","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/d13cc729556b91450ae21878a82139ed"},"headline":"Expression-Based Access Control","datePublished":"2019-01-04T05:00:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html"},"wordCount":836,"commentCount":0,"publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"image":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","keywords":["Spring Security"],"articleSection":["Enterprise 
Java"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html","url":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html","name":"Expression-Based Access Control - Java Code Geeks","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html#primaryimage"},"image":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","datePublished":"2019-01-04T05:00:19+00:00","description":"Interested to learn about Expression-Based Access Control? Check our article reviewing the differences between Expression-Based Access Control 
(EBAC).","breadcrumb":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html#primaryimage","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","width":150,"height":150,"caption":"spring-interview-questions-answers"},{"@type":"BreadcrumbList","@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/expression-based-access-control.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.javacodegeeks.com\/"},{"@type":"ListItem","position":2,"name":"Java","item":"https:\/\/www.javacodegeeks.com\/category\/java"},{"@type":"ListItem","position":3,"name":"Enterprise Java","item":"https:\/\/www.javacodegeeks.com\/category\/java\/enterprise-java"},{"@type":"ListItem","position":4,"name":"Expression-Based Access Control"}]},{"@type":"WebSite","@id":"https:\/\/www.javacodegeeks.com\/#website","url":"https:\/\/www.javacodegeeks.com\/","name":"Java Code Geeks","description":"Java Developers Resource Center","publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"alternateName":"JCG","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.javacodegeeks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.javacodegeeks.com\/#organization","name":"Exelixis Media 
P.C.","url":"https:\/\/www.javacodegeeks.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","width":864,"height":246,"caption":"Exelixis Media P.C."},"image":{"@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/javacodegeeks","https:\/\/x.com\/javacodegeeks"]},{"@type":"Person","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/d13cc729556b91450ae21878a82139ed","name":"Michael Good","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/dc6ef7dbff80afe08a3cdc3b0677aaa26021085e041ce1873dc2141bc581b623?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/dc6ef7dbff80afe08a3cdc3b0677aaa26021085e041ce1873dc2141bc581b623?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/dc6ef7dbff80afe08a3cdc3b0677aaa26021085e041ce1873dc2141bc581b623?s=96&d=mm&r=g","caption":"Michael Good"},"description":"Michael is a software engineer located in the Washington DC area that is interested in Java, cyber security, and open source technologies. 
Follow his personal blog to read more from Michael.","sameAs":["http:\/\/www.michaelcgood.com"],"url":"https:\/\/www.javacodegeeks.com\/author\/michael-good"}]}},"_links":{"self":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/85521","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/users\/5558"}],"replies":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/comments?post=85521"}],"version-history":[{"count":0,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/85521\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media\/240"}],"wp:attachment":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media?parent=85521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/categories?post=85521"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/tags?post=85521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}