StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>It's not possible. But there is another way. You can define you own web expression that will be responsible for extracting of id parameter from URL. It may looks like that:</p> <pre><code><security:intercept-url pattern="/user/{id}/edit" access="getIdUrlPathParameter() == principal.userId"/> </code></pre> <p>To do so you need: <br/> 1. Add CustomWebSecurityExpressionRoot that extends <strong>WebSecurityExpressionRoot</strong> <br/> 2. Add getIdUrlPathParameter() method. It will have access to HttpServletRequest object. <br/> 3. Define CustomWebSecurityExpressionHandler that extends <strong>DefaultWebSecurityExpressionHandler</strong>. Override createSecurityExpressionRoot method abd use your CustomWebSecurityExpressionRoot here. <br/> 4. Define custom access decision manager (xml below) <br/> 5. Inject it into your <strong>http</strong> element via access-decision-manager-ref attribute</p> <pre><code><security:http access-decision-manager-ref="customAccessDecisionManagerBean" > <security:intercept-url pattern="/user/{id}/edit" access="getIdUrlPathParameter() == principal.userId"/> </security:http> <bean id="customWebSecurityExpressionHandler" class="com.domain.security.CustomWebSecurityExpressionHandler"/> <bean id="customAccessDecisionManagerBean" class="org.springframework.security.access.vote.AffirmativeBased"> <property name="decisionVoters"> <list> <bean class="org.springframework.security.web.access.expression.WebExpressionVoter"> <property name="expressionHandler" ref="customWebSecurityExpressionHandler" /> </bean> </list> </property> </bean> </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload