diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java
index 7c35753f..3f14089c 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java
@@ -30,6 +30,8 @@ import org.apache.archiva.redback.policy.MustChangePasswordException;
 import org.apache.archiva.redback.system.SecuritySession;
 import org.apache.archiva.redback.system.SecuritySystem;
 import org.apache.commons.lang.StringUtils;
+import org.apache.cxf.jaxrs.model.OperationResourceInfo;
+import org.apache.cxf.jaxrs.model.Parameter;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
 import org.slf4j.Logger;
@@ -39,10 +41,17 @@ import org.springframework.stereotype.Service;
 import javax.inject.Inject;
 import javax.inject.Named;
 import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.QueryParam;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
 import javax.ws.rs.ext.Provider;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Method;
+import java.util.List;
 
 /**
  * @author Olivier Lamy
@@ -132,10 +141,16 @@ public class PermissionsInterceptor
                         }
                         try
                         {
+                            String resource = redbackAuthorization.resource();
+                            if (resource.startsWith("{") && resource.endsWith("}") && resource.length()>2) {
+                                resource = getMethodParameter(containerRequestContext, message, resource.substring(1,resource.length()-1));
+                                log.debug("Found resource from annotated parameter: {}",resource);
+                            }
+
                             AuthorizationResult authorizationResult =
                                 securitySystem.authorize( authenticationResult.getUser(), permission, //
-                                                          StringUtils.isBlank( redbackAuthorization.resource() ) //
-                                                              ? null : redbackAuthorization.resource() );
+                                                          StringUtils.isBlank( resource ) //
+                                                              ? null : resource );
                              if ( authenticationResult != null && authorizationResult.isAuthorized() )
                             {
                                 log.debug( "isAuthorized for permission {}", permission );
@@ -188,4 +203,44 @@ public class PermissionsInterceptor
         containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
 
     }
+
+    /*
+     * Extracts a request parameter value from the message. Currently checks only path and query parameter.
+     */
+    private String getMethodParameter(final ContainerRequestContext requestContext, final Message message, final String parameterName) {
+        OperationResourceInfo operationResourceInfo = message.getExchange().get( OperationResourceInfo.class );
+        if ( operationResourceInfo == null )
+        {
+            return "";
+        }
+        Annotation[][] annotations = operationResourceInfo.getInParameterAnnotations();
+
+        for(int i = 0; i< annotations.length; i++) {
+            for (int k = 0; k < annotations[i].length; k++) {
+                if (annotations[i][k] instanceof PathParam && parameterName.equals(((PathParam) annotations[i][k]).value())) {
+                    log.debug("Found PathParam annotation");
+                    UriInfo uriInfo = requestContext.getUriInfo();
+                    MultivaluedMap<String, String> pathParameters = uriInfo.getPathParameters();
+                    if (pathParameters.containsKey(parameterName)) {
+                        return pathParameters.getFirst(parameterName);
+                    } else {
+                        break;
+                    }
+                } else if (annotations[i][k] instanceof QueryParam && parameterName.equals(((QueryParam) annotations[i][k]).value())) {
+                    log.debug("Found QueryParam annotation");
+                    UriInfo uriInfo = requestContext.getUriInfo();
+                    MultivaluedMap<String, String> pathParameters = uriInfo.getQueryParameters();
+                    if (pathParameters.containsKey(parameterName)) {
+                        return pathParameters.getFirst(parameterName);
+                    } else {
+                        break;
+                    }
+                }
+            }
+        }
+        log.warn("No matching request parameter value found: {}", parameterName);
+        return "";
+    }
+
+
 }