I am using spring boot, web MVC and spring security with java configuration. My URLs are 'RESTful' and would like to add custom authorisation methods.
For Example:
.antMatchers("/path/*/**").access("@myBean.authorise()")
I want to achieve something like this:
.antMatchers("/path/{token}/**").access("@myBean.authorise(token)")
I understand that I can pass in the HttpServletRequest
and manually strip the path, but would like to avoid this! Also not too keen on method level security, would rather keep the config in one place as I have many controllers.
Thanks!