Skip to content

Add handler reference by name to HandleAuthorizationDenied #16622

New issue
New issue
Open
#16970
Open
Add handler reference by name to HandleAuthorizationDenied#16622
#16970
Labels
status: waiting-for-triageAn issue we've not yet triagedtype: enhancementA general enhancement
@gbaso

Description

@gbaso
gbaso
opened on Feb 19, 2025

MethodAuthorizationDeniedHandler is an interface with a single non-default method, therefore it can be implemented by a lambda. However, HandleAuthorizationDenied can only reference a handler by class, excluding lambdas.

I would like HandleAuthorizationDenied to have an additional parameter String handler() default "" so that this is possible:

@Configuration
@EnableMethodSecurity
class MyConfiguration {

  @Bean
  MethodAuthorizationDeniedHandler emptyListHandler() {
    return (invocation, result) -> List.of();
  }

}

class Account {
  String name;
  @PreAuthorize("hasRole('DETAILS')")
  @HandleAuthorizationDenied(handler = "emptyListHandler")
  List<String> details;
}

Even better if the handler name could be interpolated from a property or a spel expression.

Metadata

Metadata

Assignees

No one assigned

    Labels

    status: waiting-for-triageAn issue we've not yet triagedtype: enhancementA general enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions