stackoom
  简体   繁体   中英

Spring Boot Securing User Data URL modification

 原文  2018-08-01 20:48:15       spring-boot/ web-deployment

Question

I'm using spirng boot with security to create habit tracker. I got my database, user and goals. The problem is I can access other user goals and edit them by changing goal id in the URL.

What is the solution? Should I encode the url or do something else?

1 answers

solution1
 0 ACCPTED  2018-08-01 21:34:16

These are so called ACLs. For complex applications read here: https://docs.spring.io/spring-security/site/docs/current/reference/html5/#domain-acls

For easy id cheeking you can use method-level security, eg. @PreAuthorize. Here: https://docs.spring.io/spring-security/site/docs/current/reference/html5/#el-pre-post-annotations

examples: http://websystique.com/spring-security/spring-security-4-method-security-using-preauthorize-postauthorize-secured-el/

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Securing the root URL in Spring Boot Securing a api with an token in Spring Boot Keycloak - securing a Spring Boot application Securing a Spring boot api rest service Securing static resources in a Spring Boot App Securing Web Application with Spring Boot is not working Securing Spring Boot API with API key and secret Securing endpoints in Spring Boot by rights/roles Securing Spring boot Rest services with CAS Securing Spring Boot service with keycloak - JWT token
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM