Closed Junhyunny closed 1 week ago
Hi @Junhyunny, thanks for the report. Yes, the feature relies on Spring AOP. The documentation says:
Let’s consider the example from the previous section
The previous section uses @AuthorizeReturnObject in the service class, effectively generating a proxy for the User class. Can you try adding the annotation and see if it works?
Great! It worked. Thanks, I am going to close this issue.
I am following an example in the Spring Security document to handle fallback for method-based authorization.
In this example, the @HandleAuthorizationDenied annotation is on the POJO User class's getEmail method like this. This is not working in my test code. Here is my code.
User class
UserService class
UserServiceTests class
Result is this.
Is there something that I am missing? Please let me know. Is it working well? I tried this example with Spring Data JPA because I doubted that there is some mechanism working together with the JPA repository. However, the trial with JPA also failed.
I think that the @PostAuthorize annotation works based on Spring AOP, so this annotation should be on the UserService bean's getUser method. Like this.
And the MethodAuthorizationDeniedHandler instance is changed like this.
When I changed the code as above, the test result is this.
Is the example in the document wrong or not? If the sample code in the example is wrong, can I change it like this?
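
The arrangement discussed in this thread, as an added example that is not code from the issue or from the Spring Security documentation: annotations on a plain object are only enforced when the caller receives a proxy, which @AuthorizeReturnObject on the service provides. The handler name NullDeniedHandler, the 'user:read' authority, the use of @PreAuthorize on getEmail and the sample address are assumptions.

```java
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authorization.AuthorizationResult;
import org.springframework.security.authorization.method.AuthorizeReturnObject;
import org.springframework.security.authorization.method.HandleAuthorizationDenied;
import org.springframework.security.authorization.method.MethodAuthorizationDeniedHandler;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.stereotype.Service;

// Hypothetical handler: a denied call returns null instead of throwing.
class NullDeniedHandler implements MethodAuthorizationDeniedHandler {
    @Override
    public Object handleDeniedInvocation(MethodInvocation invocation, AuthorizationResult result) {
        return null;
    }
}

@Configuration
@EnableMethodSecurity
class MethodSecurityConfig {
    // The handler is registered as a bean so it can be resolved by handlerClass.
    @Bean
    NullDeniedHandler nullDeniedHandler() { return new NullDeniedHandler(); }
}

// Plain object created with `new`, not a Spring bean. On a raw instance the
// two annotations below are inert and getEmail() answers every caller.
class User {
    private final String email;
    User(String email) { this.email = email; }

    @PreAuthorize("hasAuthority('user:read')") // assumed authority name
    @HandleAuthorizationDenied(handlerClass = NullDeniedHandler.class)
    public String getEmail() { return this.email; }
}

@Service
class UserService {
    // Wraps the returned User in an authorization proxy, so the annotations
    // on getEmail() are evaluated when the caller invokes it.
    @AuthorizeReturnObject
    public User getUser() { return new User("user@example.test"); } // constructed sample value
}
```

A test that calls getUser() without the 'user:read' authority and expects a null email catches the fail-open case where the proxy is missing and the raw User is returned.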