implementing an interface contains @PreAuthorize to a controller causes something wrong, why?

Question

I have this Controller and an Interface, when i try to implement the interface for applying Preauthorize annotation , it cause a damage to the controller , so the methods aren't working at that case . I know that i can apply the annotation directly inside the controller but i'll be happy if i can apply it using the interface as read in Spring's example

public interface PermissionsSecurity {
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    String deletePost(@RequestParam(value = "id", required = true) Long id);

    @PreAuthorize("hasRole('ROLE_ADMIN')")
    String permissions(ModelMap model, @RequestParam(value = "q", required = false) String q);
}

Controller :

@Controller
public class PermissionsController implements PermissionsSecurity{
    @Autowired
    @Qualifier("permissionValidator")
    private Validator validator;

    @Autowired
    private Permissions permissionsService;

    @InitBinder
    private void initBinber(WebDataBinder binder){
        binder.setValidator(validator);
    }

    @RequestMapping(value="/permissions:delete", method=RequestMethod.POST)
    public String deletePost(@RequestParam(value = "id", required = true) Long id) {
        permissionsService.delete(id);

        return "redirect:/permissions";
    }

    @RequestMapping(value = "/permissions", method=RequestMethod.GET)
    public String permissions(ModelMap model, @RequestParam(value = "q", required = false) String q){
        model.addAttribute("q", (q != null)? q : "");
        model.addAttribute("viewTemplate", "permissions");
        model.addAttribute("roles", permissionsService.getAll());

        return "welcome";
    }
}

Don't do it like that... Put them on the class not an interface (basically inheritance of annotations from interfaces to classes isn't supported, spring uses a work around to make it work, interfaces like this use proxies which in turn lead to issues with the request mapping. You need to force the use of class based proxies instead of interface based proxies to make it work. — M. Deinum, Jan 25 '16 at 14:03
@M.Deinum Regarding the `@Service` permissionsService ? that contains the repository interface, Should i add put `@Preauthorize ` on it ? or it's enough to seure the methods only ? what's the correct security logic ? — Jason4Ever, Jan 26 '16 at 04:49
I found an answer for this question. * https://stackoverflow.com/questions/32442408/preauthorize-not-working-on-controller — t2y, May 28 '19 at 00:02

implementing an interface contains @PreAuthorize to a controller causes something wrong, why?

0 Answers0