-
Notifications
You must be signed in to change notification settings - Fork 434
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Facing issues with Authorization of services #162
Comments
Found the issue with |
Fixed in |
@jvmlet thanks for the quick fix, things are working as expected in 4.2.2. |
@jvmlet I was trying to leverage expression based access control (SPEL) rules but whenever i define my expressions within @PreAuthorize("") i see that it will make another interceptor call which does not have the SecurityContext and my whole call fails stating Unauthenticated , is there any way how i can implement simple ABAC using SPEL ? |
Spel expressions are not supported. The nearest you can get is adding your custom Voter |
@jvmlet will spel expressions ever be supported ? |
@swarupdonepudi , yes, eventually 😄 . PRs are welcome |
@swarupdonepudi , I've created #175 to track it |
Have setup a sample maven spring-boot app to test out spring security implementation. I have had success with authentication but facing issues in authorisation. Have tested in both version 4.1.0 and 4.2.0.
4.1.0 -> https://github.com/abhishekshenoy/grpc-service
4.2.0 -> https://github.com/abhishekshenoy/grpc-service/tree/spring-grpc-4.2.0
My spring security test config looks as below :
Have 2 services as below
Secured Service : sayHello
Non Secure Service: sayBye
Have setup 4 tests and they behave different in the 2 versions:
In 4.1.0
In 4.2.0
Can someone please check the above ? My problem is actually being able to distinguish between services which only need authentication to be accessed vs the ones that need both authentication as well as authorisation to be accessed. Currently in 4.1.0 , even if i do not pass @secured annotation to a Service api , it expects the service api to be authorised.
The text was updated successfully, but these errors were encountered: