Inspectopedia
 
2024.3

@PreFilter/@PreAuthorize/@PostFilter self-invocation method calls

Warning
Security
New
Last modified: 03 December 2024

Using @PreFilter/@PostFilter/@PreAuthorize: In proxy mode (which is the default), only external method calls coming in through the proxy are intercepted. This means that self-invocation (in effect, a method within the target object calling another method of the target object) will not work at runtime even if the invoked method is marked with @PreFilter/@PostFilter/@PreAuthorize