How to use path variable in @Preauthorize

Question

I have a situation where i need to pass the path variable as a argument to the preauthorize

    @RequestMapping(value="/page/{cmd}", method = RequestMethod.GET)
    @PreAuthorize("hasRole(#cmd)") 
     public void method(@PathVariable String cmd, HttpServletRequest request,  HttpServletResponse response){
// my stuff
}

It is not working.can anyone suggest me how to use the path variable in pre authorize please.

Answer 1

Spring Security's @PreAuthorize is used for authorizing access to methods. It doesn't know really much about Spring MVC, in particular about its @RequestMapping annotation.

Names like #cmd will refer to method parameters, and your cmd parameter is null. Change it to:

@PathVariable("cmd") String cmd

This way, cmd path variable will be bound to cmd method parameter, which will then be bound by #cmd in @PreAuthorize.