Procedural macros for Spring Security-like method-level security.
§Spring Security Equivalents
| Spring Security | actix-security-codegen |
|---|---|
| `@Secured("ROLE_ADMIN")` | `#[secured("ADMIN")]` |
| `@PreAuthorize("hasRole('ADMIN')")` | `#[pre_authorize(role = "ADMIN")]` |
| `@PreAuthorize("hasAuthority('read')")` | `#[pre_authorize(authority = "read")]` |
| `@PreAuthorize("isAuthenticated()")` | `#[pre_authorize(authenticated)]` |
| `@PermitAll` | `#[permit_all]` |
| `@DenyAll` | `#[deny_all]` |
| `@RolesAllowed({"ADMIN"})` | `#[roles_allowed("ADMIN")]` |
§Usage
```rust
use actix_security_codegen::{secured, pre_authorize};
use actix_security_core::http::security::AuthenticatedUser;
use actix_web::{get, HttpResponse, Responder};

// Role-based security (like @Secured)
#[secured("ADMIN")]
#[get("/admin")]
async fn admin_only(user: AuthenticatedUser) -> impl Responder {
    HttpResponse::Ok().body("Admin area")
}

// Authority-based security (like @PreAuthorize)
#[pre_authorize(authority = "users:read")]
#[get("/api/users")]
async fn get_users(user: AuthenticatedUser) -> impl Responder {
    HttpResponse::Ok().body("Users")
}

// Authentication check only
#[pre_authorize(authenticated)]
#[get("/protected")]
async fn protected(user: AuthenticatedUser) -> impl Responder {
    HttpResponse::Ok().body("Protected")
}
```

Attribute Macros§
- authenticated (Deprecated) - Deprecated: Use `#[pre_authorize(authenticated)]` instead.
- deny_all - Marks an endpoint as completely inaccessible (always returns 403 Forbidden).
- has_access (Deprecated) - Deprecated: Use `#[pre_authorize(authority = "...")]` instead.
- has_role (Deprecated) - Deprecated: Use `#[secured("ROLE")]` instead.
- permit_all - Marks an endpoint as publicly accessible (no authentication required).
- pre_authorize - Flexible method security annotation with SpEL-like expressions.
- roles_allowed - Role-based method security annotation (Java EE standard).
- secured - Role-based method security annotation.
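
The following is an added example, not code from this crate: a std-only model of the access decisions the attribute macros above describe, useful for reasoning about which annotation a handler needs. The `User`, `Policy`, `decide` and `user` names are hypothetical, the sample users are constructed, and the 401 for anonymous callers on protected routes is an assumption (the page only states the 403 for `deny_all`).

```rust
// Added illustration: std-only model of the access decisions the attribute
// macros describe. It does not use or reproduce actix-security-codegen.
use std::collections::HashSet;

/// Hypothetical stand-in for the authenticated principal.
pub struct User {
    pub roles: HashSet<&'static str>,
    pub authorities: HashSet<&'static str>,
}

/// Hypothetical policy type: one variant per kind of check listed on the page.
pub enum Policy {
    Role(&'static str),      // #[secured], #[roles_allowed], #[pre_authorize(role = ..)]
    Authority(&'static str), // #[pre_authorize(authority = ..)]
    Authenticated,           // #[pre_authorize(authenticated)]
    PermitAll,               // #[permit_all]
    DenyAll,                 // #[deny_all]
}

/// HTTP status the model assigns to a request.
/// Assumption: an anonymous caller on a protected route gets 401; the page
/// itself only states the 403 for deny_all.
pub fn decide(policy: &Policy, user: Option<&User>) -> u16 {
    let allowed = match (policy, user) {
        (Policy::PermitAll, _) => true, // no authentication required
        (Policy::DenyAll, _) => false,  // refused for everyone, even admins
        (_, None) => return 401,        // every other policy needs a principal
        (Policy::Authenticated, Some(_)) => true,
        // Roles and authorities are separate sets: an authority named
        // "ADMIN" does not satisfy a role check for "ADMIN".
        (Policy::Role(r), Some(u)) => u.roles.contains(r),
        (Policy::Authority(a), Some(u)) => u.authorities.contains(a),
    };
    if allowed { 200 } else { 403 }
}

/// Builds a constructed sample user.
pub fn user(roles: &[&'static str], authorities: &[&'static str]) -> User {
    User {
        roles: roles.iter().copied().collect(),
        authorities: authorities.iter().copied().collect(),
    }
}

fn main() {
    let reader = user(&["USER"], &["users:read"]);
    println!("role ADMIN: {}", decide(&Policy::Role("ADMIN"), Some(&reader)));
    println!("authority users:read: {}", decide(&Policy::Authority("users:read"), Some(&reader)));
    println!("deny_all: {}", decide(&Policy::DenyAll, Some(&reader)));
}
```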