Security [SOLVED]: Define anotation at runtime

Security [SOLVED]: Define anotation at runtime

Home Forums Security Security [SOLVED]: Define anotation at runtime

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #36736

    Anonymous

    QuestionQuestion

    I have this method in my application and I want to authorize to execute this method only users which have permssions 1,2 in a specific organization. I have overriden method hasPermission to check based on userid and organizationId if he has 1,2 permission in database but I cannot pass a variable organisationId in @PreAuthorize annotation.

    @GetMapping(value="api/v1/oroganisation/{organisationId}")
    @PreAuthorize("hasPermission('organisationId','[1,2]')")
    public String hello(){ 
        return "Hello";
    }
    

    #36737

    Anonymous

    Accepted AnswerAnswer

    Inject the organisationId into your hello() method as a method argument using a @PathVariable attribute. You can then refer to organisationId in your @PreAuthorize expression by prefixing it with a # character, i.e. #organisationId.

    Please see the documentation section 15.3.1 for full details.

    Source: https://stackoverflow.com/questions/47922423/define-anotation-at-runtime
    Author: Andy Brown
    Creative Commons License
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.