I using this sample (https://www.djamware.com/post/5c819d0180aca754f7a9d1ee/securing-restful-api-with-spring-boot-security-and-data-mongodb#ch5) to create a secured rest Api. but It`s possible to use the @EnableGlobalMethodSecurity to secure at method level?
how.. tks
Sure. Just annotate @EnableGlobalMethodSecurity on any @Configuration bean. A good one is to annotate on the configuration bean that configures security :
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
}
Then you can use @PreAuthorize, @PreFilter, @PostAuthorize and @PostFilter to configure a SpEL to secure a bean method :
@PreAuthorize("hasRole('ADMIN')")
public void create(Contact contact){
}
See this for the available list of the built in SpEL that can be used to secure method.
