Announcement Announcement Module
Collapse
No announcement yet.
Problem with @Secured and superclass methods Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem with @Secured and superclass methods

    Hi,

    Is it normal that an @Secured annotation applied to a class will not apply to the methods inherited from the superclass. I'm using CGLIB. So if I do

    Code:
    abstract class SuperClass {
    		
      public void foo(){
        bar();
      }
      abstract public void bar();
    }
    	
    @Secured("ROLE_USER")
    class SubClass extends SuperClass {
      public void bar() {}
    }
    and then get an instance of SubClass from the container, a call to foo() will not be secured. And I have to do this much less elegant version, which does work:

    Code:
    abstract class SuperClass {
      public void foo() {}
    }
    
    @Secured("ROLE_USER")
    class SubClass extends SuperClass {
      public void foo(){
        super.foo();
      }
    }
    Is there a way of making this work on superclass methods too? Thanks!

    --Frank

  • #2
    This behavior is intentional since the annotation is on the subclass and the method is defined on the superclass. To change this, you would need to write your own MethodSecurityMetadataSource. See SecuredAnnotationSecurityMetadataSource for an example.

    Comment

    Working...
    X