b) ? testService.sendResult(test, object, true) : testService.sendResult(test, object, false); }I want to use method sendResult() even when user doesn't have this specific role. It should be handled in a way where only users that have this role are able to enter the method. Maybe I can have some type of authentication fail handler to control this kind of situations...." />

Handling @PreAuthorize deny by role

I have a bunch of methods that send information depending on result that they produce:

@PreAuthorize("hasRole('SWITCH_STATE')")

@PutMapping(value="/{test}")

public ResponseEntity switchState(@PathVariable String test){

Object object = new Object();

int a;

int b;

...

(a > b) ? testService.sendResult(test, object, true)

: testService.sendResult(test, object, false);

}

I want to use method sendResult() even when user doesn't have this specific role. It should be handled in a way where only users that have this role are able to enter the method. Maybe I can have some type of authentication fail handler to control this kind of situations....

Read More »

By: StackOverFlow - Friday, 9 November

Related Posts

  • Older News
  • Springboot : antMatcher() vs method security StackOverFlow (2 days ago) - In spring security I see URL's secured with:http.authorizeRequests().antMatchers("/admin").hasRole("ADMIN");I also see that there is method level security:@PreAuthorize("hasRole('ADMIN')")Are the antMatchers used to secure the URL while the @PreAuthorize used to secure interfaces?If...