fallback for method based authorization #15257
Labels
in: docs
An issue in Documentation or samples
status: waiting-for-feedback
We need additional information before we can continue
type: bug
A general bug
I am following an example in the spring security document to handle fallback for method based authorization.
In this example,
@HandleAuthorizationDenied
annotation is on the POJO User class's getEmail method like this.This is not working in my test code. Here is my codes.
User class
UserService class
UserServiceTests class
Result is this.
Is there a something what I miss? Please let me know. Is it working well? I tried this example with spring data jpa because I doubted that there are some mechanism working together with jpa repository. However the trial with jpa was also failed.
I think that
@PostAuthorize
annotation is working based on Spring AOP, so we need to this annotation should be on the UserService bean's getUser method.Like this.
And MethodAuthorizationDeniedHandler instance is changed like this.
When I changed the code like above. Test result is this.
The example in the document is wrong or not? If sample code in the example is wrong, can I change like this?
The text was updated successfully, but these errors were encountered: