It is ok to delete using GET if im using Spring MVC with Spring security? -
it ok delete using if im using spring mvc spring security? can secure /entity/delete/{id} path group of users.
what mean "is ok"? work, yes. clearer use actual delete verb. can use spring's hiddenhttpmethodfilter achieve this, while securing url spring security using this:
<sec:intercept-url pattern="/entity/**" method="delete" access="hasrole('role_admin')" /> 
Comments
Post a Comment