Restrict URL access control by id in jhipster

I have a problem: each user can retrieve other users' data through the URL.

For instance, I have a REST API like this:

@GetMapping("/getFindByPersonId/{perId}")
@Timed
public List<ComboVahedAmoozeshi> getFindBySkhsIdCombo(@PathVariable Long perId){
    return comboVahedAmoozeshiRepository.getFindBySkhsIdCombo(perId);
}

After authorization, each user can change the id and get other users' data, like in the image below:

enter image description here

Is there any suggestion for restricting each user so that they don't have access to call the method? Or does JHipster have any option to use UUIDs to hide the id?

10 months ago · Santiago Trujillo
1 answers

0

Thanks to @atomferede for the right answer. I had to add jhi_user_id to the other entities and used the @PostFilter annotation to limit users' access to data. Although, maybe it's a good idea to have this option in the JHipster generator to enhance the security level and speed up implementation.

10 months ago · Santiago Trujillo
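The approach described in this answer, as an added example (not code from the post or from JHipster): an owner reference on the entity plus `@PostFilter` on the endpoint from the question. The `user` field name, the `/api` prefix and the `javax.persistence` namespace are assumptions, and method security must be enabled (`prePostEnabled = true`) for the annotation to take effect.

```java
// --- ComboVahedAmoozeshi.java (only the ownership part of the entity is shown) ---
import javax.persistence.*;   // jakarta.persistence.* on newer Spring Boot versions
import com.fasterxml.jackson.annotation.JsonIgnore;

@Entity
public class ComboVahedAmoozeshi {
    @Id
    @GeneratedValue
    private Long id;

    // Owner of the row. User is JHipster's generated user entity; the field name
    // "user" and the jhi_user_id column name are assumptions for this example.
    @ManyToOne(optional = false)
    @JoinColumn(name = "jhi_user_id")
    @JsonIgnore               // the owner is used for filtering, not sent to the client
    private User user;

    public User getUser() { return user; }
}

// --- ComboVahedAmoozeshiResource.java ---
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/api")      // assumed prefix
public class ComboVahedAmoozeshiResource {
    private final ComboVahedAmoozeshiRepository comboVahedAmoozeshiRepository;

    public ComboVahedAmoozeshiResource(ComboVahedAmoozeshiRepository repository) {
        this.comboVahedAmoozeshiRepository = repository;
    }

    // Evaluated after the method returns: every element whose owner login differs
    // from the authenticated principal's name is removed before serialization.
    // "?." drops rows that have no owner instead of throwing on a null user.
    @GetMapping("/getFindByPersonId/{perId}")
    @PostFilter("filterObject.user?.login == authentication.name")
    public List<ComboVahedAmoozeshi> getFindBySkhsIdCombo(@PathVariable Long perId) {
        // Copy into a mutable list: the filter edits the returned collection in place.
        return new ArrayList<>(comboVahedAmoozeshiRepository.getFindBySkhsIdCombo(perId));
    }
}
```

With this in place, a request for another user's `perId` still returns HTTP 200, but with an empty list. The filter runs only after the repository has loaded every row for that `perId`.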