Unable to use @Tool with @PreAuthorize #2356
Comments
|
@habuma, how to do you define your tool service bean? Annotation (@service, @component) or creating the service bean in a @Configuraiton ? |
|
With |
|
It shouldn't |
|
Side-note (and perhaps this needs to be a separate issue): Ideally, it would be best if tools that the current security context is prohibited from invoking would simply not be added to the prompt at all. At prompt-time, a developer could (I suppose) sift through all available tools and make those decisions on whether to add them in a call to Even more ideally, the framework would somehow make those decisions at request/prompt-creation time. E.g., a developer adds all the tools that could be needed, but Spring AI consults with Spring Security and keeps unauthorized tools out of the prompt under the covers. (I'm not sure how to do this...would need to think on it some. Just saying it would be very helpful.) |
Was just trying out a mashup of Spring Security and Tools. Specifically, I have a bean with a couple of
@Tool-annotated methods and it works great. But then I annotated one of those methods with@PreAuthorizeso that it could only be successfully invoked if the requesting security context has a certain role. Once I do that, it ends up not being invoked as a tool at all, even if the security context has that role. In short, it seems like putting@PreAuthorizeon the method negates the@Toolannotation. When both are used together, the tools never make it into the request to the LLM.What does work, although clumsily, is that I can create two tools classes. One with the actual implementations and whose methods are annotated with
@PreAuthorizeand another one with@Toolannotated methods that delegates to the other. But then I have to create this weird wrapper class to make it work.Another option that works is to not use
@Tooland instead declare aFunctionbean and annotatedapply()with@PreAuthorize. But I'd rather use@Toolas it's cleaner.The text was updated successfully, but these errors were encountered: