Re: [aerogear-dev] [aerogear-controller] Question regarding SecurityProvider
Hi Tobias,
Because we protect only the method/endpoint but not each record
specifically. But of course you can implement it programmatically, write
a servlet filter to this specific situation.
I think there are several scenarios for it. If you move to pure JAX-RS
for example, I guess will you face with the same situation, but of
course, suggestions/patches are always welcome.
Tobias Getrost wrote:
Hi all,
I am trying to implement the following use case using
aerogear-controller. I have a route to /cars/{id} (GET) and I want to
restrict the access based on the id of the requested car. Say user Tom
shall be able to get /car/4711 and user Tim shall not.
Currently theSecurityProvider only gets the Route as parameter in
itsisRouteAllowed method. As I understand to realize the above scenario
I would need the full RouteContext. Is there a particular reason why
only the Route is handed over to the SecurityProvider?
--
abstractj