I have a situation where i need to pass the path variable as a argument to the preauthorize
@RequestMapping(value="/page/{cmd}", method = RequestMethod.GET)
@PreAuthorize("hasRole(#cmd)")
public void method(@PathVariable String cmd, HttpServletRequest request, HttpServletResponse response){
// my stuff
}
It is not working.can anyone suggest me how to use the path variable in pre authorize please.
Spring Security's
@PreAuthorize
is used for authorizing access to methods. It doesn't know really much about Spring MVC, in particular about its@RequestMapping
annotation.Names like
#cmd
will refer to method parameters, and yourcmd
parameter is null. Change it to:This way,
cmd
path variable will be bound tocmd
method parameter, which will then be bound by#cmd
in@PreAuthorize
.