2

I found many similar questions but none has solved my problem my problem is: PreAuthorize("isAuthenticated()") not working on my RestController.

my configuration security is:

<global-method-security pre-post-annotations="enabled"/>
<authentication-manager alias="authenticationManager">
        <authentication-provider>
            <password-encoder ref="passwordEncoder" />
            <jdbc-user-service
                data-source-ref="dataSource"
                users-by-username-query="
         select login,password,1
         from test tst where tst.login=?" 
                authorities-by-username-query="
         select login,'ROLE_SAVE' from test tst where tst.login=?"
            />
        </authentication-provider>
    </authentication-manager>

on my RestController i add this annotation:@PreAuthorize("isAuthenticated()")

@RestController
@PreAuthorize("isAuthenticated()")
@RequestMapping("/api/test")
public class PrinterController{

    @RequestMapping(value = "", method = RequestMethod.GET)
    public ResponseStatus test() {
    System.out.println("test");
}

but not work any user can consume this resource.

HJK
  • 39
  • 1
  • 1
  • 5
  • yes i enable it with – HJK Jun 14 '17 at 12:17
  • Try adding it in `value` attribute : `@PreAuthorize( value="isAuthenticated()")` – akuma8 Jun 14 '17 at 12:24
  • does't work, i have the same problem – HJK Jun 14 '17 at 12:27
  • How the bean's container discover your configuration? In your application you have a servlet configuration (part of the web context) and you have the application context (or the root context) which contains persistence configuration, security configuration, etc... – akuma8 Jun 14 '17 at 12:35
  • Edit your post and add it, it will be clearer to read ! – akuma8 Jun 14 '17 at 12:37
  • 1
    and in my applicationContext i add this line: – HJK Jun 14 '17 at 12:38
  • this is my web xml file ~ springSecurityFilterChain org.springframework.web.filter.DelegatingFilterProxy springSecurityFilterChain /* contextConfigLocation classpath:/META-INF/applicationContext.xml ~ – HJK Jun 14 '17 at 12:44

2 Answers2

13

You need to add the following annotation to your Security Configuration class:

@EnableGlobalMethodSecurity(prePostEnabled = true)

Thanks to this article:

https://nixmash.com/post/spring-mvc-method-security-with-preauthorize-and-sp-el

Hadi hashemi
  • 475
  • 6
  • 8
-1

after remplacing @PreAuthorize by @Secured and add secured-annotations="enabled" in security xml file the problem is fixed.

<global-method-security secured-annotations="enabled"/>

on my RestController

@Secured
HJK
  • 39
  • 1
  • 1
  • 5