I have a situation where i need to pass the path variable as a argument to the preauthorize
@RequestMapping(value="/page/{cmd}", method = RequestMethod.GET)
@PreAuthorize("hasRole(#cmd)")
public void method(@PathVariable String cmd, HttpServletRequest request, HttpServletResponse response){
// my stuff
}
It is not working.can anyone suggest me how to use the path variable in pre authorize please.
Spring Security's @PreAuthorize is used for authorizing access to methods. It doesn't know really much about Spring MVC, in particular about its @RequestMapping annotation.
Names like #cmd will refer to method parameters, and your cmd parameter is null. Change it to:
@PathVariable("cmd") String cmd
This way, cmd path variable will be bound to cmd method parameter, which will then be bound by #cmd in @PreAuthorize.