Spring Security / SEC-1096

Revert SEC-1016: Modify ordering in GlobalMethodSecurityBeanDefinitionParser

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0 M1
    • Fix Version/s: 3.0.0 M2
    • Component/s: Core, Namespace
    • Labels:
      None

      Description

      The original issue requested to make pointcuts take precedence over annotations, which has now been implemented. Actually I do not like this change, and the reason behind it.

      The way I see it, you can use pointcuts to specify default security restrictions (as a simple example; disallow all access to classes with the @Service annotation), and override these global restrictions using class- or method-specific annotations.

      I think the reason for the original request was to be able to override hard-coded security restrictions using configuration changes, for example at deployment time. IMO, if one requires this functionality, one shouldn't have used hard-coded annotations in the first place. This is also a security and maintenance risk; the programmer thinks he has implemented security restrictions correctly, but later on somebody modifies these restrictions from the outside.

      Maybe it should be configurable which mechanism takes precedence, but I think the fail-safe default should be that annotations take precedence over pointcuts.

          Activity

          Luke Taylor added a comment -

          I think you're probably right. I've reverted the change, so annotations take precedence.
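
The ordering question in this issue, as an added Java sketch that is not Spring Security's own code: it assumes security attributes are resolved by asking an ordered list of sources and taking the first answer. The class, method and role names are hypothetical.

```java
import java.util.*;

// Simplified model of first-match-wins metadata lookup; not Spring Security source code.
public class PrecedenceDemo {
    // A source maps a method name to required roles, or returns null when it has no opinion.
    interface Source { List<String> attributes(String method); }

    // Hypothetical pointcut default: every *Service method requires ROLE_ADMIN.
    static final Source POINTCUT = m ->
        m.matches(".*Service\\..*") ? List.of("ROLE_ADMIN") : null;

    // Hypothetical annotation on one method, as @Secured("ROLE_USER") would declare.
    static final Map<String, List<String>> ANNOTATED =
        Map.of("AccountService.getBalance", List.of("ROLE_USER"));
    static final Source ANNOTATION = ANNOTATED::get;

    // The first source that returns attributes decides; later sources are not consulted.
    static List<String> resolve(List<Source> ordered, String method) {
        for (Source s : ordered) {
            List<String> attrs = s.attributes(method);
            if (attrs != null) return attrs;
        }
        return List.of(); // no source matched: the model treats the method as unsecured
    }

    public static void main(String[] args) {
        List<Source> annotationsFirst = List.of(ANNOTATION, POINTCUT); // ordering after this revert
        List<Source> pointcutsFirst = List.of(POINTCUT, ANNOTATION);   // ordering requested in SEC-1016
        for (String m : List.of("AccountService.getBalance", "AccountService.close", "Util.format")) {
            System.out.printf("%-28s annotationsFirst=%s pointcutsFirst=%s%n",
                m, resolve(annotationsFirst, m), resolve(pointcutsFirst, m));
        }
    }
}
```

Only the annotated method differs between the two orderings: with pointcuts first, the role declared in code is replaced by the configured default without any change to the source.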


            People

            • Assignee:
              Luke Taylor
              Reporter:
              Ruud Senden
            • Votes:
              0
              Watchers:
              1

              Dates

              • Created:
                Updated:
                Resolved: