Prevent Method call without Exception using @PreAuthorize Annotation

Posted by Chepech on Stack Overflow See other posts from Stack Overflow or by Chepech
Published on 2011-01-07T00:18:29Z Indexed on 2011/02/17 15:25 UTC
Read the original article Hit count: 296

Filed under:

spring

|

spring-security

Hi all.

We are using Spring Security 3. We have a custom implementation of PermissionEvaluator that has this complex algorithm to grant or deny access at method level on the application. To do that we add a @PreAuthorize annotation to the method we want to protect (obviously). Everything is fine on that. However the behavior that we are looking for is that if a hasPermission call is denied, the protected method call only needs to be skipped, instead we are getting a 403 error each time that happens.

Any ideas how to prevent that?

You can find a different explanation of the problem here; AccessDeniedException handling during methodSecurityInterception

© Stack Overflow or respective owner

Related posts about spring

Why is Java EE 6 better than Spring ?

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Java EE 6 was released over 2 years ago and now there are 14 compliant application servers. In all my talks around the world, a question that is frequently asked is Why should I use Java EE 6 instead of Spring ? There are already several blogs covering that topic: Java EE… >>> More
Spring??Java EE 6?! ???????????????·????????Java Developers Workshop 2012 Summer????

as seen on Oracle Blogs - Search for 'Oracle Blogs'
?Java EE 6??????????????????????????????????????/?????????????????????????Spring Framework?????????????????????????????????????????????????????????????????????????????? “Spring to Java EE 6”????·????????????????????Java EE 6????????????????????IT???????????????Java??????????????·???????????????8?… >>> More
Spring 3.0: Unable to locate Spring NamespaceHandler for XML schema namespace

as seen on Stack Overflow - Search for 'Stack Overflow'
My setup is fairly simple: I have a web front-end, back-end is spring-wired. I am using AOP to add a layer of security on my rpc services. It's all good, except for the fact that the web app aborts on launch: [java] SEVERE: Context initialization failed [java] org.springframework.beans… >>> More
Applying ServiceKnownTypeAttribute to WCF service with Spring

as seen on Stack Overflow - Search for 'Stack Overflow'
I am trying to apply the ServiceKnownTypeAttribute to my WCF Service but keep getting the error below my config. Does anyone have any ideas? <object id="HHGEstimating" type="Spring.ServiceModel.ServiceExporter, Spring.Services"> <property name="TargetName" value="HHGEstimatingHelper"/> … >>> More
Where is the sample applications in the lastest Spring release(Spring Framework 3.0.2)?

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi guys, On the Spring download page, It says that For all Spring Framework releases, the basic release contains only the binaries while the -with-dependencies release contains everything the basic release contains plus all third-party dependencies, buildable source trees, and sample… >>> More

Related posts about spring-security

Spring Security - Interactive login attempt was unsuccessful

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been trying to track down why Spring Security isn't creating the SPRING_SECURITY_REMEMBER_ME_COOKIE so I turned on logging for org.springframework.security.web.authentication.rememberme. At first glance, the logs make it seem like the login is failing but the login is actually successful in the… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More
Spring Security - Persistent Remember Me Issue

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been trying to track down why Spring Security isn't creating the Spring Security remember me cookie (SPRING_SECURITY_REMEMBER_ME_COOKIE). At first glance, the logs make it seem like the login is failing, but the login is actually successful in the sense that if I navigate to a page that requires… >>> More
Problem with Remember Me Service in Spring Security

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm trying to implement a "remember me" functionality in my website using Spring. The cookie and entry in the persistent_logins table are getting created correctly. Additionally, I can see that the correct user is being restored as the username is displayed at the top of the page. However, once… >>> More
Spring Security 3 - j_spring_security_check is not found

as seen on Stack Overflow - Search for 'Stack Overflow'
I use Spring Security with Spring Framework 3 and when I tyr to login from homepage I get following error: 2010-04-26 12:16:39,525 [tomcat-http--2] WARN org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/AppName/app/j_spring_security_check] in DispatcherServlet… >>> More