java - pass HttpServletRequest in a hasPermission expression -


in spring security config i've got following settings:

    @override       protected void configure(httpsecurity http) throws exception       {           http         .authorizerequests()               .antmatchers("/login.htm", "/signup.htm").permitall()             .antmatchers("/page1.htm", "/page2.htm", "/page3.htm").access("@permission.haspermission(principal.username))     ....     } 

the @permission contains method haspermission @component bean decides whether principal username has access pages. in bean use dao methods determine this. however, need more knowledge make decision because it's not single page. instance, there way know page user has requested , pass in haspermission method? in other words, want like:

 .antmatchers("/page1.htm", "/page2.htm", "/page3.htm").access("@permission.haspermission(principal.username, httpservletrequest http)) 

see 2nd parameter of method. it's http request requested page know whether user requested page1, page2 or page3.. or if cannot pass parameter how can current requested page in implementation of haspermission method?

you should able access using following:

  @override   protected void configure(httpsecurity http) throws exception   {       http         .authorizerequests()               .antmatchers("/login.htm", "/signup.htm").permitall()             .antmatchers("/page1.htm", "/page2.htm", "/page3.htm").access("@permission.haspermission(principal.username,request)) .... } 

this due fact websecurityexpressionroot.request property exposed public final variable


Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -