We are in the process of implementing a REST API on top of our existing services backend. The controller has the following simple getter method, which returns JSON.
The controller method:

    @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
    public ResponseEntity<IDTO> getIDTO(@PathVariable long id) {
        // method body not shown in the post
    }
DTO interface:

    public interface IDTO {
        public long getId();
        public double getCost();
        public void setCost(double cost);
        public double getPrice();
    }
I need to restrict the "cost" attribute according to the user's permission, in both the getter and the setter.

I have tried with custom @PostAuthorize() and @PreAuthorize().

But in this method, I have to use reflection to read each field associated with the DTO, which might produce slower execution in large DTOs.

What is the correct way of achieving this?
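Added example, not part of the original post: one way to restrict "cost" per caller is to tag the DTO getters with Jackson `@JsonView` markers and choose the view once from the caller's authorities, with a single explicit check guarding the setter. The class `ItemDto`, the view names `Public`/`Internal`, the helper methods and the authority name `COST_ACCESS` are all assumptions made for illustration.

```java
import com.fasterxml.jackson.annotation.JsonView;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Set;

public class CostViewExample {
    // Hypothetical view markers: Internal extends Public, so the Internal
    // view also contains every property tagged Public.
    interface Public {}
    interface Internal extends Public {}

    // Constructed authority name standing in for the real permission.
    static final String COST_AUTHORITY = "COST_ACCESS";
    static final ObjectMapper MAPPER = new ObjectMapper();

    // Constructed DTO with the same accessors as the IDTO interface.
    static class ItemDto {
        private final long id;
        private double cost;
        private final double price;
        ItemDto(long id, double cost, double price) {
            this.id = id; this.cost = cost; this.price = price;
        }
        @JsonView(Public.class) public long getId() { return id; }
        @JsonView(Internal.class) public double getCost() { return cost; }
        @JsonView(Public.class) public double getPrice() { return price; }
        public void setCost(double cost) { this.cost = cost; }
    }

    // Read path: pick the view once from the caller's authorities.
    static String toJson(ItemDto dto, Set<String> authorities) throws JsonProcessingException {
        Class<?> view = authorities.contains(COST_AUTHORITY) ? Internal.class : Public.class;
        return MAPPER.writerWithView(view).writeValueAsString(dto);
    }

    // Write path: one explicit check before the setter is reached.
    static void updateCost(ItemDto dto, double cost, Set<String> authorities) {
        if (!authorities.contains(COST_AUTHORITY)) {
            throw new SecurityException("caller may not modify cost");
        }
        dto.setCost(cost);
    }

    public static void main(String[] args) throws Exception {
        ItemDto dto = new ItemDto(1L, 12.5, 19.99); // constructed sample values
        System.out.println(toJson(dto, Set.of()));               // cost omitted
        System.out.println(toJson(dto, Set.of(COST_AUTHORITY))); // cost included
        updateCost(dto, 13.0, Set.of(COST_AUTHORITY));
    }
}
```

In a Spring MVC controller the same view class can be applied by wrapping the DTO in `MappingJacksonValue` and calling `setSerializationView(...)`, with the authority set taken from the current `Authentication`.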