@PreAuthorize not working on controller using

manpreet 3 years ago

 

I'm trying to use preAuthorize to protect a URL. Only people registered in the course can access the course. Here is my code:

Controller:

@Controller
@RequestMapping(value = "/course/{courseId}")
@PreAuthorize("@userService.isCurrentUserinCourse(authentication, courseId)")
public class SyllabusController {
    @RequestMapping(value = { "/syllabus" }, method = RequestMethod.GET)
    public ModelAndView syllabusPage(@PathVariable("courseId") int courseId) {
    ...}

UserServiceImpl:

@Service("userService")
public class UserServiceImpl implements UserService {
    @Autowired
    private UserDAO userDAO;
    @Override
    public boolean isUserinCourse(int userId, int courseId) {
        return userDAO.isUserinCourse(userId, courseId);
    }

    @Override
    public boolean isCurrentUserinCourse(Authentication authentication, int courseId) {
        if (!(authentication instanceof AnonymousAuthenticationToken)) {
            return isUserinCourse(((UserModel) authentication.getPrincipal()).getId(), courseId);
        }
        return false;
    }
}

spring-security.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<global-method-security pre-post-annotations="enabled" />

<http auto-config="true" use-expressions="true">

And when I go to /course/{id}/syllabus without logging in, it shows the page when it should not. And the debugger does not go into the isCurrentUserinCourse(Authentication authentication, int courseId) method in UserServiceImpl. where

manpreet 3 years ago
@PreAuthorize("@userService.isCurrentUserinCourse(authentication, courseId)")

You can get the authentication with the following static method:

SecurityContextHolder.getContext().getAuthentication()

and you need to change courseId to #courseId, and you need to move this to the method, not the class, so you can change it to

    @PreAuthorize("@userService.isCurrentUserinCourse(#courseId)")
    @RequestMapping(value = { "/syllabus" }, method = RequestMethod.GET)
    public ModelAndView syllabusPage(@PathVariable("courseId") int courseId) {
    ...}
