java - Spring security - Secure a request by validating principle against @RequestParam parameter? -

java - Spring security - Secure a request by validating principle against @RequestParam parameter? -

i work restful api (with many urls) using spring 3.1.2, , want apply security filters per request uses both info authenticated user "principal" , info sent request.

example:

validate accountid request url:

http://www.foo.com/accountrecords?accountid=23

with principal info principal.accountid = 23.

i know can done within @requestmapping methods, want outside actual method, maintainable , configurable without interfering business logic.

but didn't find advice\sample it..

i believe should like: @preauthorize("principal.accountid == requestparam.accountid")

i think looking filters filter request , response. in spring, can utilize interceptors purpose.

public class myinterceptor extends handlerinterceptoradapter { @override public boolean prehandle(httpservletrequest request, httpservletresponse response, object handler) throws exception { httpsession session = request.getsession(false); string requestparam = request.getparameter("your request param"); } }

finally, need configure these interceptors in context.xml file:

<mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**"/> <bean class="com.example.myinterceptor" /> </mvc:interceptor> </mvc:interceptors>

java spring spring-mvc spring-security spring-el