GLobalMethodSecurityConfiguration security hotspots

Hello everyone,

I have scanned my code and I have a security hotspots about extends GlobalMethodSecurityConfiguration.
The fact is that I have override one function from this class.

Do you have any option or solution to this security become safe please ?

  public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
    @Autowired
    private CustomPermissionEvaluator permissionEvaluator;

    /**
     * To handle the security Expression with CustomPermissionEvaluatorimplements.
     * 
     * @return
     */
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
        expressionHandler.setPermissionEvaluator(permissionEvaluator);
        // expressionHandler.setParameterNameDiscoverer(new
        // AnnotationParameterNameDiscoverer(PathVariable.class.getName(), P.class.getName()));
        return expressionHandler;
    }

Hello again @lnoel

This is the same rule / problem than in the other thread you created.

Thank you for your report.

Eric

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.