Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PreAuthorizeExpressionAttributeRegistry#resolveAttribute can't find annotation on class when method is declared on superclass #13783

Closed
honhimW opened this issue Sep 7, 2023 · 1 comment · Fixed by #14516
Closed

PreAuthorizeExpressionAttributeRegistry#resolveAttribute can't find annotation on class when method is declared on superclass #13783

honhimW opened this issue Sep 7, 2023 · 1 comment · Fixed by #14516
Assignees
@jzheaux
Labels
in: core An issue in spring-security-core type: enhancement A general enhancement

Comments

@honhimW
Copy link

honhimW commented Sep 7, 2023

Describe the bug
Using @PreAuthorize annotation on Class is not found when method is declared on superclass.

To Reproduce

Tips: I'm using in reactive;

Create a class and define methods like:

class SomeApi {
    @XXXMapping("/hello")
    public Response hello(Request request) {
         return ...;
    }
}

Create a controller:

@RestController
@PreAuthorize("hasAnyRole('xxx')")
class Controller extands(implement) SomeApi {
// nothing here
}
@honhimW honhimW added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Sep 7, 2023
@honhimW
Copy link
Author

honhimW commented Dec 8, 2023
edited
Loading

Well, I was wondering if there are any updates on this?
Basically, i personally solve this problem as follow

/**
 * @see org.springframework.security.authorization.method.PostAuthorizeExpressionAttributeRegistry#findPostAuthorizeAnnotation
 */
private PostAuthorize findPostAuthorizeAnnotation(Method method) {
    PostAuthorize postAuthorize = AuthorizationAnnotationUtils.findUniqueAnnotation(method, PostAuthorize.class);
    // org.springframework.security.authorization.method.PostAuthorizeExpressionAttributeRegistry#resolveAttribute
    // Use `targetClass`(from calling method argument) instead of `method.getDeclaringClass()`.
    return (postAuthorize != null) ? postAuthorize
		: AuthorizationAnnotationUtils.findUniqueAnnotation(targetClass, PostAuthorize.class); 
}

@jzheaux jzheaux self-assigned this Dec 11, 2023
@jzheaux jzheaux added in: core An issue in spring-security-core type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Dec 11, 2023
kse-music added a commit to kse-music/spring-security that referenced this issue Jan 22, 2024
@kse-music
Closes spring-projectsgh-13783
f0516e0
kse-music added a commit to kse-music/spring-security that referenced this issue Jan 22, 2024
@kse-music
Closes spring-projectsgh-13783
9f63c4f
@kse-music kse-music mentioned this issue Jan 22, 2024
Closed
kse-music added a commit to kse-music/spring-security that referenced this issue Feb 1, 2024
@kse-music
Merge remote-tracking branch 'origin/spring-projectsgh-13783' into sp…
c62f760 
…ring-projectsgh-13783
kse-music added a commit to kse-music/spring-security that referenced this issue Feb 1, 2024
@kse-music
Have Method Security Start at Target Class
380791a 
Closes spring-projectsgh-13783
@kse-music kse-music mentioned this issue Feb 1, 2024
Merged
jzheaux pushed a commit that referenced this issue Feb 1, 2024
@kse-music @jzheaux
Have Method Security Start at Target Class
b0da37d 
Closes gh-13783
jzheaux pushed a commit that referenced this issue May 23, 2024
@kse-music @jzheaux
Have Method Security Start at Target Class
323ee8a 
Closes gh-13783
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: core An issue in spring-security-core type: enhancement A general enhancement
Projects
Spring Security Team
Status: Done
Milestone
No milestone
2 participants
@jzheaux @honhimW