I am writing a REST web service and I am using Spring 4 with annotation-based configuration.
I am also using Spring Security for HTTP Basic authentication and authorization.
I have an ItemRestPresentation class purely used for the presentation layer whose instances are created in my controller method using instances of another class called Item (the actual domain object). ItemRestPresentation instances get converted to the following JSON by my controller method:

ItemRestPresentation class:

    public class ItemRestPresentation {
        private String name;
        private String description;
        private boolean canDelete;
        // ... private constructor, public getters and public static factory method to create an ItemRestPresentation instance from an Item instance
    }

Generated JSON:

    {
        "name" : "item1",
        "description": "Sample item for testing",
        "canDelete" : true
    }

Is it possible to use Spring Security ACL to set the canDelete member of the ItemRestPresentation instance to the correct value depending on whether the current user has permission to delete it?
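
One way to compute the flag described in the question, as an added example that is not part of the original post: it asks a `PermissionEvaluator` whether the current user holds `BasePermission.DELETE` on the item. Assumptions: the class name `ItemPresentationAssembler`, the factory signature `ItemRestPresentation.fromItem(item, canDelete)`, an `Item.getId()` accessor for ACL identity lookup, and an `AclPermissionEvaluator` bean being configured.

```java
import java.util.List;
import java.util.stream.Collectors;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

/** Hypothetical helper: builds presentation objects with an ACL-derived canDelete flag. */
@Component
public class ItemPresentationAssembler {

    // Assumed to be an AclPermissionEvaluator bean backed by the application's AclService.
    private final PermissionEvaluator permissionEvaluator;

    @Autowired
    public ItemPresentationAssembler(PermissionEvaluator permissionEvaluator) {
        this.permissionEvaluator = permissionEvaluator;
    }

    public ItemRestPresentation toPresentation(Item item) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return toPresentation(item, auth);
    }

    public List<ItemRestPresentation> toPresentations(List<Item> items) {
        // Resolve the caller once, then evaluate the ACL per item.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return items.stream().map(i -> toPresentation(i, auth)).collect(Collectors.toList());
    }

    private ItemRestPresentation toPresentation(Item item, Authentication auth) {
        // Fail closed: no authentication means no delete permission.
        boolean canDelete = auth != null && auth.isAuthenticated()
                && permissionEvaluator.hasPermission(auth, item, BasePermission.DELETE);
        // Assumed factory signature; the question does not show the real one.
        return ItemRestPresentation.fromItem(item, canDelete);
    }
}
```

The `canDelete` value only tells a client what to display; the delete operation itself still needs its own server-side check, for example `@PreAuthorize("hasPermission(#item, 'DELETE')")` on the service method with method security enabled.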