Skip to content

Controller throws 404 for all endpoints when implementing interface and adding @Secured to method #23744

@caspianb

Description

@caspianb

See sample code in branch (feature/secured-interface-bug) to reproduce issue:
https://github.com/caspianb/SpringBootTest/tree/feature/secured-interface-bug

I reproduced this issue in Spring Boot 2.1.0, 2.1.4, and 2.1.8.

Spring Controllers seem to be getting confused when implementing an interface and adding @Secured to an @Override method:

@RestController
public class UserController implements BaseController {

    @Override
    @RequestMapping(method = RequestMethod.GET)
    public ResponseEntity<String> getData() {
        return ResponseEntity.ok("You have access! <a href=\"/api\">Protected Access?</a> | <a href=\"/logout\">Logout</a>");
    }

    @Override
    @Secured("ROLE_ADMIN")
    @RequestMapping(path = "api", method = RequestMethod.GET)
    public ResponseEntity<String> getProtectedData() {
        return ResponseEntity.ok("You have protected access! <a href=\"/logout\">Logout</a>");
    }
}

The above example will always throw a 404 on either endpoint. Simply removing either the @Secured annotation or the implements BaseController will eliminate the 404.

The same occurs if I define the mappings on the interface itself. Ideally, I would like to define the mappings on the interface and then explicitly mark @Secured on implementing classes, but it seems odd that simply implementing an interface in conjunction with @Secured breaks the entire controller.

Note that trying to utilize either @RolesAllowed or@PreAuthorize has the same outcome as @Secured as described above.

Metadata

Metadata

Assignees

No one assigned

    Labels

    in: webIssues in web modules (web, webmvc, webflux, websocket)status: declinedA suggestion or change that we don't feel we should currently apply

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions