Home/ Questions/Q 8601261
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T01:48:07+00:00

I am using spring security @PreAuthorise to check who and who cannot access methods

  • 0

I am using spring security @PreAuthorise to check who and who cannot access methods in my service layer. It works really well. Usually my service methods are annotated with

@PreAuthorize("hasAnyRole('MY_USER_ROLE')")

My problem is that I have a war file made up of several jar files. Each of these jar files is responsible for a segment of business logic. I now want one of the services in one jar file to access another service in another jar file. This gets rejected because of the permissions. If I comment out the permission then everything works.

Is there anyway I can authenticate via spring before calling this service? (Perhaps with a dummy user?) Or perhaps turn off the security for jars within the same application? Or is my design wrong?

Anyone else has this sort of problem? What design should I use instead?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You need to give the thread that invokes the service (in the other jar) the permissions that are required by @PreAuthorize (for the invoked service).

    If the thread is triggered in an web application by an user request, then this are normally the users permissions.

    But if the thread is triggered by some timer service then you need to give them the right authentication

        Authentication authentication = new UsernamePasswordAuthenticationToken("dummy", "password");
    SecurityContext securityContext = SecurityContextHolder.getContext();
    securityContext.setAuthentication(authentication);
    • 0