Method level @PreAuthorize does not overwrite a type level one [DATAREST-1579]

**[yerzhant](https://jira.spring.io/secure/ViewProfile.jspa?name=JIRAUSER50630)** opened **[DATAREST-1579](https://jira.spring.io/browse/DATAREST-1579?redirect=false)** and commented

According to [docs](https://docs.spring.io/spring-data/rest/docs/current/reference/html/#security.pre-and-post) method level security settings must overwrite repository level settings. But it fails when it comes to URI conversion:

`Failed to convert from type [java.net.URI] to type [kz.toyville.back.catalog.domain.entity.Category] for value '/category/1'; nested exception is org.springframework.security.access.AccessDeniedException: Access is denied"},"message":"Failed to convert /category/1 into kz.toyville.back.catalog.domain.entity.Category!`

 

**How To Reproduce** 

Run the "List toys for a category" test in the sample (link is below).

 

**Expected behavior**
Test `List toys for a category` (in CatalogWebTest) must not fail.

 

**Sample**
https://github.com/yerzhant/spring-rest-data-security


---

**Reference URL:** https://github.com/yerzhant/spring-rest-data-security


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Method level @PreAuthorize does not overwrite a type level one [DATAREST-1579] #1914

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Participants

Method level @PreAuthorize does not overwrite a type level one [DATAREST-1579] #1914

Description

Activity

spring-projects-issues commented on Oct 31, 2020

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Participants

Issue actions