AuthorizeReturnObject should target the authorized object within MVC return values #16059

Closed
@jzheaux

Placing @AuthorizeReturnObject on a method that returns ResponseEntity is limiting since the user doesn't have access to ResponseEntity to add the appropriate Security annotations.

#14717 will add support for applying Security configuration to third-party components. As part of that, Security should consider providing a mixin for Spring Web container objects like ResponseEntity and ModelAndView.
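
The limitation described above, and one interim way to authorize the body, as an added example that is not code from this issue or from the Spring Security project. `Account`, `AccountRepository`, `AccountController`, the authority name and the URL paths are hypothetical; the example assumes Spring Security 6.3 or later with `@EnableMethodSecurity`, which is assumed to publish an `AuthorizationProxyFactory` bean.

```java
// Added illustration; Account, AccountRepository and AccountController are hypothetical names.
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authorization.AuthorizationProxyFactory;
import org.springframework.security.authorization.method.AuthorizeReturnObject;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;

// Domain type owned by the application, so it can carry Security annotations.
class Account {
    private final String owner;
    private final String iban;
    Account(String owner, String iban) { this.owner = owner; this.iban = iban; }
    public String getOwner() { return owner; }

    @PreAuthorize("hasAuthority('account:read-iban')") // constructed authority name
    public String getIban() { return iban; }
}

interface AccountRepository { Account findById(long id); } // hypothetical lookup

@RestController
class AccountController {
    private final AccountRepository accounts;
    private final AuthorizationProxyFactory proxyFactory; // assumed bean, see lead-in

    AccountController(AccountRepository accounts, AuthorizationProxyFactory proxyFactory) {
        this.accounts = accounts;
        this.proxyFactory = proxyFactory;
    }

    // The case from the issue: the annotation's target is the ResponseEntity
    // return value, a framework type the application cannot annotate.
    @AuthorizeReturnObject
    @GetMapping("/accounts/{id}")
    ResponseEntity<Account> annotated(@PathVariable("id") long id) {
        return ResponseEntity.ok(accounts.findById(id));
    }

    // Interim approach: proxy the application-owned body explicitly, then wrap it,
    // so the @PreAuthorize rule on getIban() is checked when the getter is called.
    @GetMapping("/v2/accounts/{id}")
    ResponseEntity<Account> proxied(@PathVariable("id") long id) {
        Account secured = (Account) proxyFactory.proxy(accounts.findById(id));
        return ResponseEntity.ok(secured);
    }
}
```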

Labels

- in: web (An issue in web modules (web, webmvc))
- type: enhancement (A general enhancement)
