Reputation: 2088
SpringSecurity check method parameter
I need to restrict method execution with specific parameters. F.e. some seller can create bill for customer id=1 but can't for customer id=2. Is it possible implement in spring security or I should make check in business logic code?
Upvotes: 7
Views: 778
Answers (1)
Reputation: 7817
There are multiple options here:
- You can use Spring Security ACL module to take into account actual domain object for your security restrictions. It is a good option when you have multiple security rules like this.
If you have only one security rule like this then using ACL module may be an overkill. In this case it will be better to make check in your business code. You have two options to call this code:
Call it declaratively using annotation. You will be able reuse this check more easy, but you lose control over raised exception (it will be default AccessDeniedException):
@PreAuthorize("hasRole('ROLE_AAA') and @billValidatorBean.validateForCustomer(#customerId)") public createBill(Integer customerId, ...) {Or implement it in corresponding method directly which gives you complete control over everything.
Choose your way depending on situation.
Upvotes: 6
Related Questions
- Inspecting Spring Security MethodInvocation for precise argument info
- Spring Security and() method
- Conditional Spring Security
- Check extra parameters with Spring Security
- spring security permission programatic check
- Handling AccessDenied with Method Level Security
- Authenticate method parameters using Spring-Security
- Spring security - securing method request with hasPermission
- Spring security - Access to a controller method based on an attribute
- How do I check method level spring security