I’ve some RESTful services, implemented with Spring MVC, exposing a set of resources. I

Question

0

Asked: June 17, 20262026-06-17T12:54:10+00:00 2026-06-17T12:54:10+00:00

I’ve some RESTful services, implemented with Spring MVC, exposing a set of resources. I

0

I’ve some RESTful services, implemented with Spring MVC, exposing a set of resources. I already use authentication, based on HTTPBasicAuthentication and HTTPS. Some of the resources must be accessible only to some users.

For example, I want that all sub-resources in the URI /users/{userid}/photos are accessible only to the user userid. Actually in my application they are accessible to all authenticated users. How can I protect them from other users except userid?
And what if I want to allow access to this resources only to a subset of users (like, for example, userid‘s friends)?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-17T12:54:11+00:00

Editorial Team

2026-06-17T12:54:11+00:00Added an answer on June 17, 2026 at 12:54 pm

I solved it by using @PreAuthorize("authentication.name == #userId"), instead of @Secured(value = {"userid"}) or @Secured(value = {"#userid"}) like suggested, that were not working.

Note it’s necessary to add <security:global-method-security pre-post-annotations="enabled"/> to the servlet context configuration file.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’ve some RESTful services, implemented with Spring MVC, exposing a set of resources. I

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply