Answer the question
In order to leave comments, you need to log in
Why doesn't @PreAuthorize work?
Greetings dear forum users.
Can you please tell me why @PreAuthorize doesn't work? It doesn't throw any exceptions or errors, it just doesn't work. The entire Internet has already been rummaged, tried, but it does not work.
Just in case uploaded to github https://github.com/romanych2021/TestPreAuthorize
SecurityConfig.java
package com.testpreauthorize.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Autowired
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest()
.permitAll()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/")
.and()
.logout()
.permitAll()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.and()
.csrf().disable();
}
}
package com.testpreauthorize.controller;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
@Controller
public class HomeController {
@GetMapping(value = "/")
public String home () {
return "/home";
}
@PreAuthorize("isAuthenticated()")
@GetMapping(value = "/user")
public String user () {
return "/user";
}
@GetMapping(value = "/login")
public String loginGet () {
return "/login";
}
@PostMapping(value = "/login")
public String loginPost () {
return "redirect:/user";
}
}
Answer the question
In order to leave comments, you need to log in
Topic closed, fixed.
The solution was this: I moved this @EnableGlobalMethodSecurity(prePostEnabled = true) to the application configuration file.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question