Ótimo, funcionou redondinho aqui
Se alguem estiver interessado, segue código da AST:
@Target([ElementType.METHOD])
@Retention(RetentionPolicy.SOURCE)
@GroovyASTTransformationClass("m10.authentication.ast.PermissionAST")
@interface Permission {
String value()
}
?
@GroovyASTTransformation(phase=CompilePhase.SEMANTIC_ANALYSIS)
class PermissionAST implements ASTTransformation {
@Override
void visit(ASTNode[] nodes, SourceUnit source) {
if (!nodes) return
if (!nodes[0] || !nodes[1]) return
if (!(nodes[0] instanceof AnnotationNode)) return
if (!(nodes[1] instanceof MethodNode)) return
AnnotationNode permission = nodes[0]
String permissionName = permission.getMember("value").text
MethodNode method = nodes[1]
AnnotationNode an = new AnnotationNode(ClassHelper.make(Secured))
an.addMember("value", new ConstantExpression("isFullyAuthenticated() and principal.hasPermission('${permissionName}')".toString()))
method.addAnnotation(an)
}
}?
Você anota uma action com @Permission("xxxx") e ela transforma para @Secured("isFullyAuthenticated() and principal.hasPermission('xxxx')"), à partir daí é com você e o spring security