@PreAuthorize how do i add a parameter into the expression

Question

Maybe somebody has an idea

I have an abstract controller providing me the endpoints i need.

In the @PreAuthorized i would execute the check if the user has the required roles. Problem is that i have only one function and i want to check which endpoint is currently evaluated.

This is the code:

public abstract class CoreController<T> {

    private final JpaRepository repository;
    private final CoreService service;
    public String endpoint;
    private String view;

    public CoreController(CoreService service, JpaRepository repository, String endpoint, String view) {
        this.service=service;
        this.repository = repository;
        this.endpoint=endpoint;
        this.view=view;
    }

    @PreAuthorize("@checkAccess.isAllowedToGet(#endpoint)")
    @RequestMapping(method = RequestMethod.GET, value = "/get")
    public ResponseEntity<CrudPage<Map<String, Object>>> get(CoreCriteria criteria) {
        criteria.setView(view);
        CrudPage<Map<String, Object>> data = service.getPage(criteria);
        return ResponseEntity.ok(data);
    }

The problem is the endpoint is always null when the function is called. How should i change the expression to make this work.

`#endpoint` cannot work, because you have only `criteria` as a method parameter. — dur, Mar 10 '21 at 12:40
Maybe you could add the request as an method parameter to your method and use it. See https://stackoverflow.com/questions/3320674/spring-how-do-i-inject-an-httpservletrequest-into-a-request-scoped-bean. — dur, Mar 10 '21 at 12:46
how can i make endpoint a method parameter reading the value from the controller — user2316219, Mar 10 '21 at 13:36

@PreAuthorize how do i add a parameter into the expression

0 Answers0