  • using expression-based authorization with principal

    I'm trying to use @PreAuthorize expressions to check attributes of the current principal:

    // closing quote of the SpEL string was missing in the posted snippet
    @PreAuthorize("principal.myAttribute == 'someValue'")
    void myMethod() {}
    When the user is logged in, this check works correctly and myMethod is executed only if the principal's attribute has the correct value.

    However, when the user is not logged in (or logged in with another authentication method that returns a different UserDetails implementation), I get a SpelEvaluationException with the message "Failed to evaluate expression 'principal.myAttribute == 'someValue''". I would have expected the AccessDecisionVoter to deny access if an exception occurs.

    Is it possible to configure the PreInvocationAuthorizationAdviceVoter to deny access instead of passing the exception up the call stack?

  • #2
    You would need to include anonymous authentication and customize the principal of the anonymous authentication to include your attribute. You can do this by overriding createAuthentication within the AnonymousAuthenticationFilter and ensuring the principal is a custom principal that contains the attribute you require. Alternatively, you can do this by writing a custom AnonymousAuthenticationProvider that returns an AnonymousAuthenticationToken that has a principal that includes your custom property.
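    The filter-override approach from the answer above, written out as an added example (this is not code from the original thread or from Spring Security itself). It assumes a Spring Security version where AnonymousAuthenticationFilter exposes the protected createAuthentication(HttpServletRequest) hook and the (key, principal, authorities) constructor, and it assumes the javax.servlet package name; the principal class AnonymousPrincipal, the getter getMyAttribute() and the sentinel value "none" are constructed for the example. The point is that an anonymous request then carries a principal on which principal.myAttribute resolves, so the @PreAuthorize expression evaluates to false and access is denied rather than the evaluation blowing up with a SpelEvaluationException.

```java
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.springframework.security.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;

/**
 * Anonymous filter whose token carries a principal that exposes the same
 * attribute as the logged-in UserDetails implementation, so SpEL can always
 * resolve "principal.myAttribute". (Example code; the class, principal type,
 * getter and sentinel value are assumptions for illustration.)
 */
public class AttributedAnonymousAuthenticationFilter extends AnonymousAuthenticationFilter {

    /** Hypothetical anonymous principal; only the bean-style getter matters to SpEL. */
    public static final class AnonymousPrincipal {
        private final String myAttribute;

        public AnonymousPrincipal(String myAttribute) {
            this.myAttribute = myAttribute;
        }

        // SpEL evaluates "principal.myAttribute" by calling this getter.
        public String getMyAttribute() {
            return myAttribute;
        }

        @Override
        public String toString() {
            return "anonymousUser";
        }
    }

    // Constructed sentinel: never equal to any value a real user attribute can take,
    // so "principal.myAttribute == 'someValue'" is simply false for anonymous callers.
    private static final String NO_ATTRIBUTE = "none";

    private static final List<GrantedAuthority> ANONYMOUS_AUTHORITIES =
            AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS");

    private final String key;

    public AttributedAnonymousAuthenticationFilter(String key) {
        // The key must be the same one configured on the AnonymousAuthenticationProvider,
        // otherwise the provider rejects the token this filter creates.
        super(key, new AnonymousPrincipal(NO_ATTRIBUTE), ANONYMOUS_AUTHORITIES);
        this.key = key;
    }

    @Override
    protected Authentication createAuthentication(HttpServletRequest request) {
        // Build the anonymous token with the attribute-bearing principal. Overriding this
        // hook (rather than relying on the constructor argument alone) is also where the
        // principal could be derived from the request if that were ever needed.
        AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(
                key, new AnonymousPrincipal(NO_ATTRIBUTE), ANONYMOUS_AUTHORITIES);
        token.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        return token;
    }
}
```

    Register this filter in place of the default anonymous filter (with the same key as the AnonymousAuthenticationProvider) and make sure every UserDetails implementation used by the other authentication mechanisms also exposes getMyAttribute(); a principal type that lacks the getter is exactly what turns an authorization decision into a SpelEvaluationException.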