Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Method level @PreAuthorize does not overwrite a type level one [DATAREST-1579] #1914

Open
spring-projects-issues opened this issue Oct 31, 2020 · 1 comment
Assignees
Labels

Comments

@spring-projects-issues
Copy link

@spring-projects-issues spring-projects-issues commented Oct 31, 2020

yerzhant opened DATAREST-1579 and commented

According to docs method level security settings must overwrite repository level settings. But it fails when it comes to URI conversion:

Failed to convert from type [java.net.URI] to type [kz.toyville.back.catalog.domain.entity.Category] for value '/category/1'; nested exception is org.springframework.security.access.AccessDeniedException: Access is denied"},"message":"Failed to convert /category/1 into kz.toyville.back.catalog.domain.entity.Category!

 

How To Reproduce 

Run the "List toys for a category" test in the sample (link is below).

 

Expected behavior
Test List toys for a category (in CatalogWebTest) must not fail.

 

Sample
https://github.com/yerzhant/spring-rest-data-security


Reference URL: https://github.com/yerzhant/spring-rest-data-security

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Oct 31, 2020

yerzhant commented

FYI spring-projects/spring-security#9164

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants