0

I am using Spring 3 and implemented MVC using simpleUrlMapping. I am having CustomerController class. In CustomerController I am having three methods:

  1. View customer
  2. Add customer
  3. Delete customer

The above actions are getting called using method name resolver.

My requirement over here depending upon the logged in user and privilege I want to protect the corresponding method calls.

Delete customer method should be called by the privilege user and not by all the user.

I am using Spring Security as well. Is there any way to protect the delete customer method with Spring security?

dur
  • 15,689
  • 25
  • 79
  • 125
Rahul Tokase
  • 1,048
  • 9
  • 25

1 Answers1

0

options: 

@RequestMapping
 public void deleteCustomer(HttpServletRequest request) {
    if(request.isUserInRole("ROLE_ADMIN"){
      // do deletion
    };

 }

or use @EnableGlobalMethodSecurity

 @PreAuthorize("hasRole('ROLE_ADMIN')")
 @RequestMapping
 public void deleteCustomer(HttpServletRequest request) {
Dirk Deyne
  • 6,048
  • 1
  • 15
  • 32
  • Hi Thanks for the answer. In spring security 3 we have @preauthorize but do you how we can achieve the same in spring security 2. Unfortunately i m using spring security 2 along with spring 3 – Rahul Tokase May 01 '18 at 12:40