Linked Questions

Popular Questions

Spring MVC accessing Spring Security ConfigAttributes?

Asked by At

I want to produce HTTP Response Body with an error message referencing something like _"missing ... 'CUSTOM_AUTHORITY'"_ in addition to a 403 Forbidden HTTP Status code.

My application is Spring Boot with a Spring-Security-Secured @PreAuthorize method within a Spring-MVC-REST @Controller:

MyController

@Controller
@RequestMapping("/foo")
public FooController{
  @PreAuthorize("hasAuthority('CUSTOM_AUTHORITY')")
  public Object getSomething(){ ... }
}

GlobalExceptionHandlerResolver

@ControllerAdvice
public class GlobalExceptionHandler {
  @ExceptionHandler(AccessDeniedException.class)
  @ResponseStatus(HttpStatus.FORBIDDEN)
  public Object forbidden(AccessDeniedException exception){ ... }
}

What I want is to expose/inject Collection<ConfigAttribute>. The Spring Security docs reference it.

Related Questions