[aerogear-dev] [aerogear-controller] Question regarding SecurityProvider
Bruno Oliveira
bruno at abstractj.org
Thu Jul 25 03:10:02 EDT 2013
Hi Tobias,
Because we protect only the method/endpoint but not each record
specifically. But of course you can implement it programmatically, write
a servlet filter to this specific situation.
I think there are several scenarios for it. If you move to pure JAX-RS
for example, I guess will you face with the same situation, but of
course, suggestions/patches are always welcome.
Tobias Getrost wrote:
> Hi all,
>
> I am trying to implement the following use case using
> aerogear-controller. I have a route to /cars/{id} (GET) and I want to
> restrict the access based on the id of the requested car. Say user Tom
> shall be able to get /car/4711 and user Tim shall not.
>
> Currently theSecurityProvider only gets the Route as parameter in
> itsisRouteAllowed method. As I understand to realize the above scenario
> I would need the full RouteContext. Is there a particular reason why
> only the Route is handed over to the SecurityProvider?
--
abstractj
More information about the aerogear-dev
mailing list