I am using Spring Boot, Web MVC and Spring Security with Java configuration. My URLs are 'RESTful' and I would like to add custom authorisation methods.
For example:
.antMatchers("/path/*/**").access("@myBean.authorise()")
I want to achieve something like this:
.antMatchers("/path/{token}/**").access("@myBean.authorise(token)")
I understand that I can pass in the HttpServletRequest and manually strip the path, but would like to avoid this! Also not too keen on method level security, would rather keep the config in one place as I have many controllers.
Thanks!
You can access path variables, just prefix them with #. In your case, the correct syntax would be:
.antMatchers("/path/{token}/**").access("@myBean.authorise(#token)")
I'm not sure when this was introduced, but I know it is now supported. Reference: https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/el-access.html
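An added example, not part of the original question or answer: a complete Java configuration using the `#token` syntax above, with the bean failing closed on unknown tokens. Passing `authentication` as a second argument, the `owners` map and its sample entry are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.Map;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // The bean name must be "myBean" so the SpEL reference @myBean resolves.
    @Bean
    public MyBean myBean() {
        // Constructed sample data (assumption): token -> owning username.
        return new MyBean(Collections.singletonMap("constructed-token-1", "alice"));
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // {token} is bound from the matched URL and exposed to SpEL as #token.
            .antMatchers("/path/{token}/**")
                .access("@myBean.authorise(authentication, #token)")
            // Requests that match no rule above are denied rather than left open.
            .anyRequest().denyAll();
    }

    // Hypothetical authorisation bean; only the name and method follow the question.
    public static class MyBean {
        private final Map<String, String> owners;

        public MyBean(Map<String, String> owners) {
            this.owners = owners;
        }

        // The token comes straight from the request URL, so treat it as untrusted:
        // a missing or unknown token, or a token owned by another user, is denied.
        public boolean authorise(Authentication authentication, String token) {
            if (authentication == null || token == null) {
                return false;
            }
            String owner = owners.get(token);
            return owner != null && owner.equals(authentication.getName());
        }
    }
}
```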