Spring Security / SEC-1796

Custom Security annotations don't work on TYPE level.


      Description

      Showcase project is attached.
      See showcase.controller.AdminController. This class is annotated with the custom annotation showcase.security.IsAdmin.
      In the class, the method "secureInfo" has the same annotation.
      On the welcome screen of the launched application, press the link "TYPE level annotation (Admin)". No auth prompt will be shown.
      Go back to the welcome screen and press "METHOD level annotation (Admin)". You'll see the prompt. Type in login "user", password "1".
      You'll see "Access Denied". Go back to the welcome page. Press "TYPE level annotation (Admin)"; no check will be done.
      The same thing happens with the service interface showcase.service.SecureService annotated at TYPE and METHOD levels.

        Activity

        Luke Taylor added a comment -

        Resolved by using Spring's AnnotationUtils.findAnnotation, which checks for annotations which are annotated with the required type.
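
The difference between a direct annotation lookup and a lookup that also checks annotations on annotations, as an added JDK-only example that is not part of the original issue and is not Spring Security's or the showcase project's code. `RequiresRole`, the nested `IsAdmin` and `AdminController` are constructed stand-ins, and `metaAware` is a simplified one-level version of the kind of search the comment attributes to `AnnotationUtils.findAnnotation`.

```java
import java.lang.annotation.*;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;

public class MetaAnnotationLookup {
    // Hypothetical stand-in for a framework security annotation (assumption).
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD, ElementType.ANNOTATION_TYPE})
    @interface RequiresRole { String value(); }

    // Constructed custom annotation in the style of showcase.security.IsAdmin.
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    @RequiresRole("ROLE_ADMIN")
    @interface IsAdmin {}

    @IsAdmin
    static class AdminController {
        public String typeLevelOnly() { return "admin data"; }
    }

    // Direct lookup: sees only annotations written literally on the element.
    // For a class carrying @IsAdmin this returns null, which a caller that
    // treats null as "no rule configured" turns into an unprotected endpoint.
    static RequiresRole direct(AnnotatedElement e) {
        return e.getAnnotation(RequiresRole.class);
    }

    // Meta-aware lookup: also inspects the annotations on the element's annotations.
    static RequiresRole metaAware(AnnotatedElement e) {
        RequiresRole found = e.getAnnotation(RequiresRole.class);
        if (found != null) return found;
        for (Annotation a : e.getAnnotations()) {
            found = a.annotationType().getAnnotation(RequiresRole.class);
            if (found != null) return found;
        }
        return null;
    }

    // Method-level rule wins; otherwise fall back to the declaring class.
    static RequiresRole resolve(Method m) {
        RequiresRole r = metaAware(m);
        return r != null ? r : metaAware(m.getDeclaringClass());
    }

    public static void main(String[] args) throws Exception {
        Class<?> c = AdminController.class;
        System.out.println("direct lookup on type:     " + direct(c));
        System.out.println("meta-aware lookup on type: " + metaAware(c).value());
        System.out.println("rule for typeLevelOnly():  " + resolve(c.getMethod("typeLevelOnly")).value());
    }
}
```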


          People

          • Assignee: Luke Taylor
          • Reporter: Pavel Vorontsov
