spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

AuthorizeReturnObject should target the authorized object within MVC return values #16059

Open jzheaux opened 1 week ago

jzheaux commented 1 week ago

Placing @AuthorizeReturnObject on a method that returns ResponseEntity is limiting since the user doesn't have access to ResponseEntity to add the appropriate Security annotations.

#14717 will add support for applying Security configuration to third-party components. As part of that, Security should consider providing a mixin for Spring Web container objects like ResponseEntity and ModelAndView.
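
The limitation described in the comment above, as an added example that is not part of the issue or of Spring Security's own code. `Account`, `AccountService`, `AccountController`, the authority name and the request paths are hypothetical, and method security is assumed to be enabled with `@EnableMethodSecurity`. The second endpoint shows a placement that keeps the annotation on a method returning the domain object; that placement is an assumption added here, not something the issue proposes.

```java
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authorization.method.AuthorizeReturnObject;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical domain type: the authorization rule sits on its accessor.
class Account {
    private final String iban;

    public Account(String iban) { this.iban = iban; }

    @PreAuthorize("hasAuthority('account:read-iban')") // constructed authority name
    public String getIban() { return iban; }
}

@Service
class AccountService {
    // Plain lookup with constructed sample data; no return-object authorization.
    public Account load(String id) { return new Account("IBAN-PLACEHOLDER"); }

    // The annotated return value is the Account itself, the type that carries the rule.
    @AuthorizeReturnObject
    public Account loadSecured(String id) { return load(id); }
}

@RestController
class AccountController {
    private final AccountService accounts;

    AccountController(AccountService accounts) { this.accounts = accounts; }

    // Case from the issue: the annotated return value is the ResponseEntity container.
    // Application code cannot add security annotations to ResponseEntity's methods, and
    // the rule on Account.getIban() belongs to the body nested inside the container.
    @AuthorizeReturnObject
    @GetMapping("/limited/{id}")
    public ResponseEntity<Account> limited(@PathVariable String id) {
        return ResponseEntity.ok(accounts.load(id));
    }

    // Assumed alternative: annotate the method that returns Account, wrap the result here.
    @GetMapping("/wrapped/{id}")
    public ResponseEntity<Account> wrapped(@PathVariable String id) {
        return ResponseEntity.ok(accounts.loadSecured(id));
    }
}
```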

evgeniycheban commented 22 hours ago

Hi, @jzheaux can I work on this?