  1. Authorizing methods in Spring MVC Controller
<p>My aim is to protect some methods in my Spring 2.5 MVC Controller so that they can only be accessed by specific users, e.g. Managers can access all the methods but Viewers can access a few of them. Though I have to access the session object to know if the current logged-in user is a manager or not. I have a method for that.</p>
<pre><code>public boolean isManager(HttpSession session) {
    // Do some check
}
</code></pre>
<p>The controller method I want to protect will look like this:</p>
<pre><code>@RequestMapping(value = "/getInfo", method = RequestMethod.GET)
public ModelAndView getInfo(ModelMap model, HttpSession session) {
    // do something
    return new ModelAndView("info_page", model);
}
</code></pre>
<p>So in the above method I want to have an annotation which will allow only Managers to access that method.</p>
<p>For example, I want to have something like this:</p>
<pre><code>@RolesAllowed(AccessType.ManagerOnly)
@RequestMapping(value = "/getInfo", method = RequestMethod.GET)
public ModelAndView getInfo(ModelMap model, HttpSession session) {
    // do something
    return new ModelAndView("info_page", model);
}
</code></pre>
<p>I have seen <a href="https://stackoverflow.com/questions/5528844/create-new-spring-annotation">this</a> question but it didn't help me with how to pass the role (manager or something else) to the annotation and do the job.</p>
<p>Do I have to create an AccessType enum and set the role based on the session? We already use Spring Security for authentication and authorization.</p>
<p>Any help will be appreciated!</p>
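The mechanics the question asks about (an enum value passed to an annotation and checked against the session before the method runs), as an added example that is not part of the original post. It is plain Java with no Spring dependency; `RequiresAccess`, the `AccessType` constants, the `role` session key and the `Map` standing in for `HttpSession` are all hypothetical, and in a real application `isAllowed` would be called from whatever hook runs before the controller method.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.Map;

public class AccessCheckDemo {
    // Hypothetical role enum; declaration order matters: MANAGER includes VIEWER rights.
    enum AccessType { VIEWER, MANAGER }

    // Hypothetical annotation carrying the minimum role as an enum value.
    // RUNTIME retention is required, otherwise reflection cannot see it.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface RequiresAccess { AccessType value(); }

    // Stand-in for the controller from the question (no Spring types).
    static class InfoController {
        @RequiresAccess(AccessType.MANAGER)
        public String getInfo() { return "info_page"; }

        @RequiresAccess(AccessType.VIEWER)
        public String getSummary() { return "summary_page"; }

        public String unannotated() { return "other_page"; }
    }

    // Deny by default: a missing annotation or a missing/invalid role means no access.
    static boolean isAllowed(Method m, Map<String, Object> session) {
        RequiresAccess required = m.getAnnotation(RequiresAccess.class);
        Object role = session.get("role"); // assumed session attribute name
        if (required == null || !(role instanceof AccessType)) return false;
        return ((AccessType) role).compareTo(required.value()) >= 0;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sessions for the two kinds of user in the question.
        Map<String, Object> viewer = Map.of("role", AccessType.VIEWER);
        Map<String, Object> manager = Map.of("role", AccessType.MANAGER);
        for (String name : new String[] {"getInfo", "getSummary", "unannotated"}) {
            Method m = InfoController.class.getMethod(name);
            System.out.println(name + " viewer=" + isAllowed(m, viewer)
                    + " manager=" + isAllowed(m, manager));
        }
    }
}
```

Treating an unannotated method as denied is a choice made in this sketch so that a forgotten annotation fails closed rather than open.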
 
