So, I'm on a small project which has some multi-tenancy. Simply put: user A can see the bananas on his trees, and user B can see the bananas on his own trees... but they can't see each other's.

But it's RESTful, so ideally you'd call something like /tree/{tree-id}/bananas

And since we know who's executing the call (since it's authenticated), we can verify that it's user A calling us, and then check which trees he is allowed to see. If he's trying to be sneaky and does a REST call with a tree id that belongs to B, a security violation should occur.

Okay, so how do we do that? Well, the application has a controller for that, and we'd want to secure it there. So, assume we have the following code:

public List<Banana> getBananasOfTree(String tree)

Since it's supposed to be annotated, we'd use something like this:

@RequestMapping("/tree/{tree-id}/bananas")
@Secured // or some other requirement
public List<Banana> getBananasOfTree(@Pat...
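One way to wire the ownership check into the controller, as an added example that is not the post's own code: `@Secured` only compares the caller's granted authorities against a fixed list and cannot see method arguments, whereas `@PreAuthorize` takes a SpEL expression that can reference both `authentication` and the path variable. The bean name `treeAccess`, the class `TreeAccessChecker`, the `Banana` record and the in-memory owner-to-trees map are all assumptions made for this illustration; a real implementation would query a tenant-scoped repository instead.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical ownership-check bean; the name "treeAccess" is what the SpEL
// expression in the controller refers to.
@Component("treeAccess")
public class TreeAccessChecker {

    // Constructed sample data: which trees each authenticated user owns.
    // Real code would look this up in the tenant-scoped data store.
    private final Map<String, Set<String>> treesByOwner = Map.of(
            "userA", Set.of("tree-1", "tree-2"),
            "userB", Set.of("tree-3"));

    // Deny by default: unknown user, unauthenticated caller or a tree id the
    // user does not own all return false, which Spring turns into a 403.
    public boolean canView(Authentication auth, String treeId) {
        if (auth == null || !auth.isAuthenticated() || treeId == null) {
            return false;
        }
        return treesByOwner.getOrDefault(auth.getName(), Set.of()).contains(treeId);
    }
}

// Hypothetical domain object, assumed for the example.
record Banana(String id, String treeId) {}

@RestController
class BananaController {

    // The expression runs before the method body, so a caller supplying another
    // tenant's tree id never reaches the repository call.
    @GetMapping("/tree/{tree-id}/bananas")
    @PreAuthorize("@treeAccess.canView(authentication, #treeId)")
    public List<Banana> getBananasOfTree(@PathVariable("tree-id") String treeId) {
        // Constructed placeholder result; a real controller would query by treeId.
        return List.of(new Banana("banana-1", treeId));
    }
}
```

For the annotation to be enforced, method security has to be switched on in the configuration (`@EnableMethodSecurity` in Spring Security 6, or `@EnableGlobalMethodSecurity(prePostEnabled = true)` in 5.x); without it the `@PreAuthorize` is silently ignored and every tree is readable. As defence in depth it is worth also scoping the repository query by the caller's identity, so that a foreign tree id yields an empty result even if an annotation is forgotten on some other endpoint.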