Announcement Announcement Module
Collapse
No announcement yet.
Method authorization Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Method authorization

    ACL is overkill for my application because my services retrieve all objects from another Spring application. Still i would like that users canīt see data that does not belong to them. As i understand this is possible

    Code:
    @PreAutorize(#username == principal.username)
    public String viewProfile( String username) {
     retutn "";
    }
    would like to something like

    Code:
    @PreAutorize(#company == principal.company)
    public String viewProfile( Company company) {
      retutn "";
    }

    The principal does not have a company attribute but hope you understand what I am trying to do.
    What is the best way of doing this?

    Thanks
    Last edited by phe; May 5th, 2012, 06:08 AM.

  • #2
    you can get some idea from http://stackoverflow.com/questions/9...on-not-working

    Comment

    Working...
    X