Directly including a custom error message within the @PreAuthorize
dzulic opened this issue · comments
Custom method for has permissions is being invoked in PreAuthorize. Method customHasPermission checks for the permission in the token and returns true/false.
@PreAuthorize("@authService.customHasPermission('permission')")
Expected Behavior
Have thrown exception message if hasPermission is false with custom message with permission name
Some suggestions would be having:
- Enabled message argument in the @PreAuthorize that AccessDeniedException can handle
- Or throwing a custom exception in customHasPermission
Current Behavior
- No possibility to extend AccessDeniedException with @PreAuthorization specific method params
Context
Trying to pass permission string to the AccessDeniedException so it can return custom message
Hi @dzulic ! Have you tried using @HandleAuthorizationDenied
? Perhaps it will solve your problem.
@CrazyParanoid Hi, thanks for the reply. I haven't as I see it is in 6.3.0 and still in development, but I will check
currently I found a workaround, throwing AccessDeniedException in the customHasPermission method, which is then handled in the PreAuthorization correctly
Thanks, @dzulic for reaching out and @CrazyParanoid for sharing about the new feature.
Since this has been brought up previously in #3306, I'll close this ticket and encourage continuing the conversation over there.