Aug 31st, 2012, 04:27 AM
spring-data-rest: how to implement security check on domain objects?
Is there any way in spring-data-rest to verify that a user is indeed authorised to read a specific domain object? I need to implement some kind of ACL-like mechanism so a user can only read specific domain objects, to whom they have access.
Something like @RepositoryEventHandler where you can intercept the request after the domain object has been fetched from the DB, do the security checks and throw an AccessDeniedException for example.
Tags for this Thread