Hi! This is possible. There are 2 approaches.

1. Perform the authorization validations in the PreAuthorize/PostAuthorize annotations after enabling MethodSecurity.

2. Perform these validations inside your controller's methods.

In option 1, you can access the JWTAuthenticationToken as authentication inside the Pre/Post Authorize annotations. See https://www.baeldung.com/spring-security-method-security

In option 2, you can access the JWTAuthenticationToken as a parameter. See https://github.com/IMS94/spring-boot-jwt-authentication/blob/master/src/main/java/com/example/springboot/jwt/controller/UserController.java#L27

In the JWTAuthenticationToken you can access the relevant attribute to identify the user and query the DB.

I have a plan to write an article on that. Will see if I get some time.


Imesha Sudasingha

Written by Imesha Sudasingha

Co-Founder @HighFlyer | Ex @WSO2 | Ex @BallerinaLang | Opensource | Member @TheASF
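
The two options from the reply above, sketched as an added example that is not the author's code or taken from the linked repository. It assumes Spring Security's resource-server `JwtAuthenticationToken` stands in for the `JWTAuthenticationToken` named in the reply; `Account` and `AccountRepository` are hypothetical placeholders for the DB lookup.

```java
import java.util.Optional;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.parameters.P;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

// Hypothetical domain type and repository, standing in for "query the DB".
record Account(long id, String ownerSubject, String displayName) {}

interface AccountRepository {
    Optional<Account> findById(long id);
    Optional<Account> findByOwnerSubject(String ownerSubject);
}

@Configuration
@EnableMethodSecurity // required for option 1: activates @PreAuthorize/@PostAuthorize
class MethodSecurityConfig {}

@RestController
class AccountController {
    private final AccountRepository accounts;

    AccountController(AccountRepository accounts) { this.accounts = accounts; }

    // Option 1: the check runs before the method body. "authentication" is the
    // current token; authentication.name is the JWT subject claim by default.
    @PreAuthorize("#subject == authentication.name")
    @GetMapping("/users/{subject}/account")
    Account bySubject(@P("subject") @PathVariable("subject") String subject) {
        return accounts.findByOwnerSubject(subject)
                .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND));
    }

    // Option 2: take the token as a parameter, load the record, compare owners.
    @GetMapping("/accounts/{id}")
    Account byId(@PathVariable("id") long id, JwtAuthenticationToken auth) {
        String subject = auth.getToken().getSubject();
        return accounts.findById(id)
                .filter(a -> a.ownerSubject().equals(subject))
                // Same 404 for "missing" and "not yours", so ids cannot be probed.
                .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND));
    }
}
```

Option 1 suits checks that need only the request arguments and the token; option 2 suits checks that depend on the stored record's owner.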
