
Spring Security: How to use @RolesAllowed with @RequestBody

I have a method like this:

@RolesAllowed("ROLE_A")
@RequestMapping(value = "/",
        method = RequestMethod.POST,
        produces = MediaType.APPLICATION_JSON_VALUE)
public MRSData modifyMarketData(@RequestBody RequestObject body){
    return repository.save(collection, body);
}

@Document
@Data
public class RequestObject {
    @Id
    @JsonInclude(JsonInclude.Include.NON_NULL)
    private String _id;
    private Object metadata;
    private Object body;
}

Request looks like this:

{
    "_id": "5f4ba6b3d93a8c1452f596a0",
    "metadata": {
        "data_type":"A" 
    }
}

Now only certain roles are allowed to access "data_type=A".

I want to use @RolesAllowed or equivalent to block the request based on @RequestBody.

How should I achieve this?

Tx in advance

If you want to filter based on request value, you can use @PreAuthorize.

Docs: https://docs.spring.io/spring-security/site/docs/current/reference/html5/#method-security-expressions

Some examples: https://www.baeldung.com/spring-security-method-security

Old answer:

You can use @PostAuthorize (or maybe @PostFilter) to restrict access based on the method's return value.
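
An added example (not code from the question or the answer) of the @PreAuthorize approach: the expression hands the deserialized body to a guard bean, so the decision is made before repository.save runs, whereas @PostAuthorize is evaluated only after the method has executed. DataTypeGuard, canModify, MarketDataRepository, the collection value and the policy for types other than "A" are assumptions; RequestObject and MRSData are the question's own types.

```java
import java.util.Map;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.parameters.P;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.*;

@Configuration
@EnableMethodSecurity // older releases: @EnableGlobalMethodSecurity(prePostEnabled = true)
class MethodSecurityConfig {}

// Hypothetical guard bean, referenced from SpEL as @dataTypeGuard.
@Component("dataTypeGuard")
class DataTypeGuard {
    // Constructed policy: data_type -> authority required to write it.
    private static final Map<String, String> REQUIRED = Map.of("A", "ROLE_A");

    public boolean canModify(Authentication auth, RequestObject body) {
        // Fail closed when the body does not have the expected shape.
        if (body == null || !(body.getMetadata() instanceof Map)) return false;
        Object type = ((Map<?, ?>) body.getMetadata()).get("data_type");
        if (!(type instanceof String)) return false;
        String needed = REQUIRED.get(type);
        // Assumption: types not listed are unrestricted; return false here for an allow-list.
        if (needed == null) return true;
        return auth.getAuthorities().stream().anyMatch(a -> needed.equals(a.getAuthority()));
    }
}

// Hypothetical repository type matching the call in the question.
interface MarketDataRepository { MRSData save(String collection, RequestObject body); }

@RestController
class MarketDataController {
    private final MarketDataRepository repository;
    private final String collection = "marketData"; // constructed value

    MarketDataController(MarketDataRepository repository) { this.repository = repository; }

    // Evaluated before the method body, so a denied request never reaches save().
    @PreAuthorize("@dataTypeGuard.canModify(authentication, #body)")
    @PostMapping(value = "/", produces = MediaType.APPLICATION_JSON_VALUE)
    public MRSData modifyMarketData(@P("body") @RequestBody RequestObject body) {
        return repository.save(collection, body);
    }
}
```

The guard sees only the data_type the client sent; if _id can name an existing document, compare against the stored document's data_type as well.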
