How does one create custom @PostAuthorized annotations in Java / Kotlin on Spring?
@Service("authorizationService")
class AuthorizationLogic {
fun decide(response: ResponseEntity<Student?>): Boolean {
val student = response.body
return student?.firstname == "Sachin"
}
companion object {
@Bean
fun prePostTemplateDefaults(): PrePostTemplateDefaults {
return PrePostTemplateDefaults()
}
}
}
@Target(AnnotationTarget.FUNCTION)
@Retention(AnnotationRetention.RUNTIME)
@PostAuthorize("@authorizationService.decide({'returnObject'})")
annotation class PostAuthorizeDecide(val value: Student)
This says Student is not allowed. The same for ResponseEntity<Student?>, and MethodSecurityExpressionOperations
Anyone, any ideas?