How to parse UUID from method param for Spring Security @PreAuthorize using SpEL?

Question

i have this controller with Spring @PreAuthorize annotation:

@PreAuthorize("hasRole('ROLE_USER') and #id == authentication.name")
public ResponseEntity<UserProfileDTO> updateProfile(@PathVariable(name = "id") final UUID id) {
//service call
}

but the problem is, that principal is String, and equals return false. How i can call java.util.UUID.fromString(authentication.name) ?

score 1 · Answer 1 · answered Jan 24 '18 at 13:04

1

this is the solution:

    @PreAuthorize("hasRole('ROLE_USER') and #id == T(java.util.UUID).fromString(authentication.name)")

answered Jan 24 '18 at 13:04

Igor

478
9
22

5

Thank you for this code snippet, which might provide some limited short-term help. A proper explanation [would greatly improve](//meta.stackexchange.com/q/114762) its long-term value by showing *why* this is a good solution to the problem, and would make it more useful to future readers with other, similar questions. Please [edit] your answer to add some explanation, including the assumptions you've made. – Toby Speight Jan 24 '18 at 13:52
Also you could do some more research (first link on Google with `spring el method call` on SO), before asking a question, which is already answered. – dur Jan 24 '18 at 14:00

How to parse UUID from method param for Spring Security @PreAuthorize using SpEL?

1 Answers1