Spring
Romanov1981, 2020-10-10 20:30:08

Why doesn't @PreAuthorize work?

Greetings dear forum users.

Can you please tell me why @PreAuthorize doesn't work? It doesn't throw any exceptions or errors, it just doesn't work. I have already rummaged through the entire Internet and tried things, but it does not work.

Just in case, I uploaded it to GitHub: https://github.com/romanych2021/TestPreAuthorize

SecurityConfig.java

package com.testpreauthorize.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailsService;

    @Autowired
    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // Every URL is permitted at the web layer, so access control
                // depends entirely on method security (@PreAuthorize).
                .authorizeRequests()
                .anyRequest()
                .permitAll()
                .and()
                .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/login")
                .defaultSuccessUrl("/")
                .and()
                .logout()
                .permitAll()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/")
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .and()
                // CSRF protection is switched off for the whole application.
                .csrf().disable();
    }
}


HomeController.java

package com.testpreauthorize.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;

@Controller
public class HomeController {

    @GetMapping(value = "/")
    public String home() {
        return "/home";
    }

    @PreAuthorize("isAuthenticated()")
    @GetMapping(value = "/user")
    public String user() {
        return "/user";
    }

    @GetMapping(value = "/login")
    public String loginGet() {
        return "/login";
    }

    @PostMapping(value = "/login")
    public String loginPost() {
        return "redirect:/user";
    }
}


1 answer(s)
Romanov1981, 2020-10-11
@Romanov1981

Topic closed, fixed.
The solution was this: I moved this @EnableGlobalMethodSecurity(prePostEnabled = true) to the application configuration file.
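
A regression test for the failure described in this thread, added here as an example and not part of the original post or the linked repository: because the web layer permits every URL, a silently ignored @PreAuthorize leaves /user open, and only a test like this makes that visible. It assumes spring-boot-starter-test and spring-security-test with JUnit 5 on the test classpath, that the application class lives in com.testpreauthorize, and that the "/" and "/user" views render; the class name is hypothetical.

```java
package com.testpreauthorize;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithAnonymousUser;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

// Hypothetical test class (assumption: base package is com.testpreauthorize).
@SpringBootTest
@AutoConfigureMockMvc
class PreAuthorizeEnforcedTest {

    @Autowired
    MockMvc mvc;

    // HttpSecurity says permitAll() for every URL, so only method security
    // can stop this request. If @PreAuthorize is not being processed, the
    // response is 200 instead of a redirect and this test fails.
    @Test
    @WithAnonymousUser
    void anonymousIsSentToLogin() throws Exception {
        mvc.perform(get("/user"))
           .andExpect(status().is3xxRedirection())
           .andExpect(redirectedUrlPattern("**/login"));
    }

    // Positive case: the rule must not lock out authenticated users.
    @Test
    @WithMockUser
    void authenticatedUserReachesHandler() throws Exception {
        mvc.perform(get("/user")).andExpect(status().isOk());
    }

    // Control case: an unannotated handler stays reachable anonymously.
    @Test
    @WithAnonymousUser
    void openPageStaysOpen() throws Exception {
        mvc.perform(get("/")).andExpect(status().isOk());
    }
}
```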
