SAP / cloud-security-services-integration-library

Integration libraries and samples for authenticating users and clients bound to XSUAA authentication and authorization service or Identity authentication service.
Apache License 2.0

Which Events are triggered by Scope Checks in XSUAA #268

Closed AlbertoColonna closed 4 years ago

AlbertoColonna commented 4 years ago

Hello colleagues,

I would like to understand which events (positive & negative events) are triggered by the xsuaa library within the scope checks e.g. in the @PreAuthorize annotation. Are these default spring-security security events?

Is there probably any documentation available?

Thanks a lot in advance

nenaraab commented 4 years ago

Hi @D045451

thanks for your request. @PreAuthorize("hasAuthority('Display')") is a Spring annotation and is not explicitly implemented... spring-xsuaa client lib just does the integration and fills the list of authorities with the (local) scopes that are provided via the jwt token.

See also here: https://github.com/SAP/cloud-security-xsuaa-integration/tree/master/spring-xsuaa#check-authorization-on-method-level

This sample makes use of it.

Best regards, Nena
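
The mapping described in the answer above, as an added example that is not part of the original thread and is not spring-xsuaa's own code: it shows why `hasAuthority('Display')` only passes when the token carries a scope belonging to this application. It assumes that scopes in the token's `scope` claim are prefixed with `<xsappname>.`; the class name, method names, and all sample values are constructed for illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

// Added illustration only; plain JDK code, not the library's implementation.
public class LocalScopeDemo {

    // Keep only the scopes that belong to this application (assumed prefix
    // "<xsappname>.") and strip that prefix to obtain the local scope name.
    static Set<String> localAuthorities(List<String> scopeClaim, String xsAppName) {
        String prefix = xsAppName + ".";
        return scopeClaim.stream()
                .filter(s -> s.startsWith(prefix) && s.length() > prefix.length())
                .map(s -> s.substring(prefix.length()))
                .collect(Collectors.toSet());
    }

    // Stand-in for the hasAuthority('X') check: exact, case-sensitive match
    // against the authorities derived from the token.
    static boolean hasAuthority(Set<String> authorities, String required) {
        return authorities.contains(required);
    }

    public static void main(String[] args) {
        String xsAppName = "demoapp!t1"; // constructed application name

        // Constructed "scope" claim: two local scopes, one scope of another
        // application, and one scope without any application prefix.
        List<String> ownToken = List.of(
                "openid", "demoapp!t1.Display", "demoapp!t1.Update", "otherapp!t9.Admin");

        // Constructed token that only carries another application's "Display".
        List<String> foreignToken = List.of("openid", "otherapp!t9.Display");

        Set<String> own = localAuthorities(ownToken, xsAppName);
        Set<String> foreign = localAuthorities(foreignToken, xsAppName);

        System.out.println("own token authorities:     " + own);
        System.out.println("own token has Display:     " + hasAuthority(own, "Display"));
        System.out.println("own token has Admin:       " + hasAuthority(own, "Admin"));
        System.out.println("foreign token authorities: " + foreign);
        System.out.println("foreign token has Display: " + hasAuthority(foreign, "Display"));
    }
}
```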