-
Notifications
You must be signed in to change notification settings - Fork 5.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AuthorizationManagerAfterMethodInterceptor custom annotations and aspecj support #14970
Comments
Thanks for reaching out. You are correct that the new If not, then I may be missing something. Could you provide a sample of what did work in Spring Security 5 where the migration is now unclear? |
Hi @jzheaux, it's that the deprecated If you're not planning to create an AspectJ compatible version of the interceptor similar to what was in version 5 it would be great to if you make the |
@jzheaux can you point me to Spring's |
HI, in our application based on spring security 5 we used
PostInvocationAdviceProvider
withAfterInvocationProviderManager
and also defined few custom annotations to limit access to methods based on our internal roles.We are also using aspectj weaving and we want to make sure some security checks happen inside transaction. For that we use
AspectJMethodSecurityInterceptor
and aspectj transactional support.After updating to spring security 6 it's not really understandable how we should migrate all that code to
AuthorizationManagerAfterMethodInterceptor
as a replacement forAspectJMethodSecurityInterceptor
. Furthermore there is no mention on how to use this new interceptor with aspectj (it seems like only Spring AOP is supported). Are we missing something or are you planning to add more support for aspectj into spring security 6? Are there any guides how we could define custom annotations in spring security 6 and potentially use the new interceptor code also as an aspect?The text was updated successfully, but these errors were encountered: