Closed dzulic closed 3 weeks ago
Hi @dzulic ! Have you tried using @HandleAuthorizationDenied
? Perhaps it will solve your problem.
@CrazyParanoid Hi, thanks for the reply. I haven't as I see it is in 6.3.0 and still in development, but I will check
currently I found a workaround, throwing AccessDeniedException in the customHasPermission method, which is then handled in the PreAuthorization correctly
Thanks, @dzulic for reaching out and @CrazyParanoid for sharing about the new feature.
Since this has been brought up previously in https://github.com/spring-projects/spring-security/issues/3306, I'll close this ticket and encourage continuing the conversation over there.
Custom method for has permissions is being invoked in PreAuthorize. Method customHasPermission checks for the permission in the token and returns true/false.
@PreAuthorize("@authService.customHasPermission('permission')")
Expected Behavior
Have thrown exception message if hasPermission is false with custom message with permission name Some suggestions would be having:
Current Behavior
Context
Trying to pass permission string to the AccessDeniedException so it can return custom message