I've got one challenge I can't solve yet.
I want to use Spring Security annotation @Secured on a Spring component which I manipulate via reflection.
Here's a simplified version of my use case. In this example I've made such simplications that the use of reflection doesn't seems to be useful, but it is in fact in my project because the method to call is retrieved dynamically according to the class of the parameter we have
My component :
@Component
public class MyComponent {
@Secured("ROLE_HERO")
public String doStuff(CustomAction action) {
...
return "Yes you can";
}
}
The service where I want to use MyConponent via reflection :
@Service
public class MyService {
@Autowired
MyComponent myComponent;
public String launchStuff(CustomAction action) {
try {
Method method = myComponent.getClass().getMethod("doStuff", action.getClass());
method.invoke(myComponent, action);
} catch(Exception e) {
e.printStackTrace();
}
}
}
The result is I always get an exception, whether the user is authentified or not and whether he has the required role or not.
I use Spring boot 1.5.17 (So Spring 4)
Does anyone know how I can deal with this ?
Thanks,
Julien
Aucun commentaire:
Enregistrer un commentaire