How to use the path variable in @Preauthorize

Question

How to use the path variable in @Preauthorize

I have a situation where I need to pass a path variable as an argument in preauthorize

@RequestMapping(value="/page/{cmd}", method = RequestMethod.GET) @PreAuthorize("hasRole(#cmd)") public void method(@PathVariable String cmd, HttpServletRequest request, HttpServletResponse response){ // my stuff }

This does not work. Can anyone suggest me how to use the path variable in preauthorization.

+6

java-ee spring-security

Nivmack Jul 23 '13 at 10:28

source share

1 answer

X. Wo Satuk · Answer 1 · 2016-06-01T09:23:36+0000

Spring Security @PreAuthorize used to authorize access to methods. He knows little about Spring MVC, in particular about its @RequestMapping annotation.

Names like #cmd will refer to the method parameters, and your cmd parameter is zero. Change it to:

 @PathVariable("cmd") String cmd

Thus, the cmd path variable will be bound to the parameter of the cmd method, which will then be bound to #cmd in @PreAuthorize .

How to use the path variable in @Preauthorize

More articles: