Support Retrieving Authorized Proxy Target Object

Related to https://github.com/spring-projects/spring-security/issues/15746

Given that authorized objects use `setOpaque`, there isn't a straightforward way to get the underlying object, in case that is needed.

A way to address this is to add a marker interface, say `AuthorizationProxy`, that has a JSON-ignored method to retrieve the underlying object, like so:

```java
public interface AuthorizationProxy extends RawTargetAccess {
    Object toAuthorizedTarget();
}
```

Then other AOP components could retrieve the underlying object of anything that implements `AuthorizationProxy`.

Spring Data has done this in another way with [its `TargetAware` interface](https://github.com/spring-projects/spring-data-commons/blob/d9bdd2b5506a5867cd51c3be19754bfc5c874d56/src/main/java/org/springframework/data/projection/TargetAware.java#L29), though if Security were to go this route, it would likely apply the `@JsonIngore` values through a mixin.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Support Retrieving Authorized Proxy Target Object #15747

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Support Retrieving Authorized Proxy Target Object #15747

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions