This question from 2 years ago - Using Spring Security ACL with Spring Data REST - talks about spring-data-rest and record-based authorization with Spring Security.
I'm asking again to see if there is any new solution, or anything in the pipeline.
Ideally I'd like to use something highly RESTful, e.g. Prevents HTTP method in spring-data-rest - examines how to implement the HTTP OPTIONS method and my aim would be to be able to plug in something to SDR that allows me to do the authorization verification based on authenticated user and the data from the model.
Again, hopefully someone out there, perhaps the Spring guys themselves, have a neat way of enhancing SDR, maybe with Spring Security using ACL http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#domain-acls
I've seen a bit of activity in this direction for CORS but I'm not doing any cross-origin stuff so I haven't been down that road.
