You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If I create my own factory method, instantiating PreInvocationAuthorizationAdvice, which will be used in the GlobalMethodSecurityConfiguration.accessDecisionManager(), or at least if I override the preInvocationAuthorizationAdvice(), the result to be used when constructing the access decision manager.
Current Behavior
Currently, the accessDecisionManager() constructs its own instance of PreInvocationAuthorizationAdvice(ExpressionBasedPreInvocationAdvice), which is not even taken from its factory method PreInvocationAuthorizationAdvice preInvocationAuthorizationAdvice()
In fact, I currently don't see the point of this factory method.
Context
In this way, I could inject my custom implementation of PreInvocationAuthorizationAdvice. Now if I want to extend the behavior accessDecisionManager(), I have to copy/paste the original code and customize, while in my case, it's sufficient if I extend the ExpressionBasedPreInvocationAdvice class and use it in a factory method.
The text was updated successfully, but these errors were encountered:
@gkgeorgiev As a workaround, could you override GlobalMethodSecurityConfiguration.createExpressionHandler()?
This would allow you to customize the MethodSecurityExpressionHandler used in the ExpressionBasedPreInvocationAdvice.
Or is there a different customization you need to add to the ExpressionBasedPreInvocationAdvice?
@eleftherias, Thank you for your reply. Actually my goal was to influence the behavior of the AccessDecisionManager, which by default has a Voter based on the ExpressionBasedPreInvocationAdvice, but I found my work-around. I'm aware it's a specific case, but IMHO the code would make more sense in with the improvement request I've posted.
Thx again!
Expected Behavior
If I create my own factory method, instantiating PreInvocationAuthorizationAdvice, which will be used in the GlobalMethodSecurityConfiguration.accessDecisionManager(), or at least if I override the preInvocationAuthorizationAdvice(), the result to be used when constructing the access decision manager.
Current Behavior
Currently, the accessDecisionManager() constructs its own instance of PreInvocationAuthorizationAdvice(ExpressionBasedPreInvocationAdvice), which is not even taken from its factory method PreInvocationAuthorizationAdvice preInvocationAuthorizationAdvice()
In fact, I currently don't see the point of this factory method.
Context
In this way, I could inject my custom implementation of PreInvocationAuthorizationAdvice. Now if I want to extend the behavior accessDecisionManager(), I have to copy/paste the original code and customize, while in my case, it's sufficient if I extend the ExpressionBasedPreInvocationAdvice class and use it in a factory method.
The text was updated successfully, but these errors were encountered: