
Thread: Method authorization

  1. #1

    Method authorization

    ACL is overkill for my application because my services retrieve all objects from another Spring application. Still, I would like that users can't see data that does not belong to them. As I understand it, this is possible:

    Code:
    // Allowed only when the argument equals the authenticated user's name
    @PreAuthorize("#username == principal.username")
    public String viewProfile(String username) {
        return "";
    }
    I would like to do something like

    Code:
    // Desired check: the argument must be the caller's own company
    @PreAuthorize("#company == principal.company")
    public String viewProfile(Company company) {
        return "";
    }

    The principal does not have a company attribute but hope you understand what I am trying to do.
    What is the best way of doing this?

    Thanks
    Last edited by phe; May 5th, 2012 at 06:08 AM.
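
Added example, not part of the original post and not Spring Security's own code: one way to get the `principal.company` check asked about above is to have the `UserDetailsService` return a custom principal that carries the company, then compare ids in the expression. `CompanyUser`, `getCompanyId()`, `ProfileService` and the shape of `Company` are assumptions made for illustration.

```java
import java.util.Collection;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;

// Hypothetical domain type standing in for the poster's Company.
class Company {
    private final long id;

    Company(long id) { this.id = id; }

    public long getId() { return id; }
}

// Hypothetical principal: the stock User plus the id of the company the
// account belongs to. A custom UserDetailsService has to return this type
// at login so that `principal` in the expression resolves to it.
class CompanyUser extends User {
    private final long companyId;

    CompanyUser(String username, String password, long companyId,
                Collection<? extends GrantedAuthority> authorities) {
        super(username, password, authorities);
        this.companyId = companyId;
    }

    public long getCompanyId() { return companyId; }
}

class ProfileService {
    // Evaluated before the method body runs. Comparing ids rather than the
    // Company objects keeps the check independent of how equals() is defined
    // on objects fetched from the remote application.
    @PreAuthorize("#company != null and #company.id == principal.companyId")
    public String viewProfile(Company company) {
        return "";
    }
}
```

The expression is only enforced when pre/post annotations are enabled for method security, and `#company` only resolves when parameter names are available to Spring at runtime.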

  2. #2