micronaut-security: Allow 404 global error to be displayed even with security enabled

Steps to Reproduce

  1. Add a global 404 error: @Error(status = HttpStatus.NOT_FOUND, global = true)
  2. Enable security with micronaut.security.enabled: true
  3. Add a controller with a parameter, like:
     @Secured(Role.ROLE_CONNECT_READ)
     @Controller("/{cluster}/connect")
     public class ConnectController {
  4. Try to reach every child page, like /test/connect/bla
  5. Be redirected to the unauthorized URL
  6. Disable security with micronaut.security.enabled: false
  7. Try to reach the same page, like /test/connect/bla
  8. See the 404 page

Expected Behaviour

Security should not change the behavior of the 404 page, which must be checked before security for some use cases. The best would be to let the user have an option to choose whether they want a 404 or an unauthorized response.

I think the better option is to allow 404 before unauthorized if the ErrorController is annotated with: @Secured(SecurityRule.IS_ANONYMOUS)

Environment Information

  • Operating System: Docker alpine
  • Micronaut Version: 1.1.0
  • JDK Version: openjdk:8-jre-alpine

Example Application

Full source code is here on branch dev

About this issue

  • State: closed
  • Created 5 years ago
  • Reactions: 1
  • Comments: 15 (11 by maintainers)
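
The two orderings discussed in this issue, as an added plain-Java model (not Micronaut code, and not from the issue or the project). The route table, the Outcome enum and all method names are constructed for illustration, and UNAUTHORIZED stands in for the redirect to the unauthorized URL described in the steps.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Added illustration: plain-Java model of the ordering question, not Micronaut code.
public class NotFoundOrdering {

    enum Outcome { OK, UNAUTHORIZED, NOT_FOUND }

    // Constructed route table modelled on the issue's @Controller("/{cluster}/connect").
    static final List<Pattern> SECURED_ROUTES =
            Arrays.asList(Pattern.compile("^/[^/]+/connect$"));

    static boolean routeExists(String path) {
        return SECURED_ROUTES.stream().anyMatch(p -> p.matcher(path).matches());
    }

    // Reported behaviour: the security decision is made for every request,
    // so a caller who is not authorized never reaches the 404 handler.
    static Outcome securityFirst(String path, boolean authorized) {
        if (!authorized) {
            return Outcome.UNAUTHORIZED;
        }
        return routeExists(path) ? Outcome.OK : Outcome.NOT_FOUND;
    }

    // Requested behaviour: unmatched paths go to the global 404 handler
    // before any security rule is evaluated.
    static Outcome notFoundFirst(String path, boolean authorized) {
        if (!routeExists(path)) {
            return Outcome.NOT_FOUND;
        }
        return authorized ? Outcome.OK : Outcome.UNAUTHORIZED;
    }

    // True when an anonymous caller gets different outcomes for the two paths,
    // meaning the responses reveal which of them is a real route.
    static boolean anonymousCanDistinguish(boolean checkRouteFirst, String a, String b) {
        Outcome ra = checkRouteFirst ? notFoundFirst(a, false) : securityFirst(a, false);
        Outcome rb = checkRouteFirst ? notFoundFirst(b, false) : securityFirst(b, false);
        return ra != rb;
    }

    public static void main(String[] args) {
        for (String path : new String[] {"/test/connect", "/test/connect/bla"}) {
            for (boolean authorized : new boolean[] {false, true}) {
                System.out.printf("%-18s authorized=%-5b securityFirst=%-12s notFoundFirst=%s%n",
                        path, authorized, securityFirst(path, authorized), notFoundFirst(path, authorized));
            }
        }
        System.out.println("anonymous can tell routes apart (security first): "
                + anonymousCanDistinguish(false, "/test/connect", "/test/connect/bla"));
        System.out.println("anonymous can tell routes apart (404 first): "
                + anonymousCanDistinguish(true, "/test/connect", "/test/connect/bla"));
    }
}
```

Both orderings give an authorized caller the same results; they differ only for anonymous callers, where the 404-first ordering makes an existing secured route distinguishable from a missing one.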

Most upvoted comments

That isn’t true. Authenticated requests to a resource that the user has access to but does not exist would result in a 404.

On Sat, Mar 28, 2020 at 4:26 PM J Lannoy notifications@github.com wrote:

As it concerns 404 not found errors, in this case, no validation occurred… But even, that was not the real point, only one supposition. The real problem to fix was that it was not possible to get a 404 error page on a secured app.
