Describe the bug 1. The AccessiDeniedHandler is invalid when the system @RestControllerAdvice catch Exception,For example, @ PreAuthorize ("hasRole ('admin ')") permission verification.But the custom AuthorizationManager authentication Access DeniedHandler works fine again. 2. This is very confusing.When the system catches an Exception exception. The authorization of the custom AuthorizationManager is not approved, and the AccessiDeniedHandler can process it normally. Non customized but unable to handle properly
To Reproduce
1. Turn on exception capture.testing(CustomSecurityAuthorizationManager seting pass):
1. curl http://localhost:8090/test
2. message: catch from GlobalExceptionHandler
- Repeat the above steps (remove exception capture)
1. curl http://localhost:8090/test
2. message: from CustomAuthenticationEntryPoint
- Turn on exception capture.testing(CustomSecurityAuthorizationManager seting no pass):
1. curl http://localhost:8090/test
2. message: from CustomAccessDeniedHandler
Sample mini demo
Comment From: kse-music
It feels like this is a question that would be better suited to Stack Overflow.
Comment From: zxuanhong
@kse-music I think this is a bug. Because the same things are handled differently.If they're all handled uniformly with exceptions or accessidenied I think that's normal. But there are two ways of dealing with it.
Comment From: sjohnr
@zxuanhong thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.