Re-use the instance of PreInvocationAuthorizationAdvice in the GlobalMethodSecurityConfiguration

[gkgeorgiev]

Expected Behavior

If I create my own factory method, instantiating PreInvocationAuthorizationAdvice, which will be used in the GlobalMethodSecurityConfiguration.accessDecisionManager(), or at least if I override the preInvocationAuthorizationAdvice(), the result to be used when constructing the access decision manager.

Current Behavior

Currently, the accessDecisionManager() constructs its own instance of PreInvocationAuthorizationAdvice(ExpressionBasedPreInvocationAdvice), which is not even taken from its factory method PreInvocationAuthorizationAdvice preInvocationAuthorizationAdvice()
In fact, I currently don't see the point of this factory method.

Context

In this way, I could inject my custom implementation of PreInvocationAuthorizationAdvice. Now if I want to extend the behavior accessDecisionManager(), I have to copy/paste the original code and customize, while in my case, it's sufficient if I extend the ExpressionBasedPreInvocationAdvice class and use it in a factory method.

[eleftherias]

@gkgeorgiev As a workaround, could you override GlobalMethodSecurityConfiguration.createExpressionHandler()?
This would allow you to customize the MethodSecurityExpressionHandler used in the ExpressionBasedPreInvocationAdvice.
Or is there a different customization you need to add to the ExpressionBasedPreInvocationAdvice?

[gkgeorgiev]

@eleftherias, Thank you for your reply. Actually my goal was to influence the behavior of the AccessDecisionManager, which by default has a Voter based on the ExpressionBasedPreInvocationAdvice, but I found my work-around. I'm aware it's a specific case, but IMHO the code would make more sense in with the improvement request I've posted.
Thx again!