Harshana

Reputation: 7647

Spring Security authentication does not give a 401 error

In a filter I have added the role below to the Spring Security context.

    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
            throws IOException, ServletException {
        GrantedAuthority authority = new SimpleGrantedAuthority(ANONYMOUS);
        List<GrantedAuthority> grantedAuthority = new ArrayList<>();
        grantedAuthority.add(authority);
        Authentication authentication = new AnonymousAuthenticationToken(ANONYMOUS, ANONYMOUS, grantedAuthority);   
        SecurityContextHolder.getContext().setAuthentication(authentication);
        arg2.doFilter(arg0,arg1);
    }

Then, from a controller in a REST API method, I check the authorization role as below:

    @RestController
    @RequestMapping(value = "/api")
    public class MyController {
        @RequestMapping(value = "/myservice1", method = RequestMethod.GET)
        @PreAuthorize("hasRole('ROLE_USER')")
        public HttpEntity<String> myService() {
            System.out.println("-----------myService invoke-----------");
            return new ResponseEntity<String>(HttpStatus.OK);
        }
    }

But when I invoke the above API, it successfully prints the sysout. But it should give me a 401 Unauthorized error, right?

Upvotes: 1

Views: 950

Answers (1)

Ali Dehghani

Reputation: 48123

Just enable method level security by:

    @EnableGlobalMethodSecurity(prePostEnabled = true)

Upvotes: 2
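
Where the annotation from the answer goes, shown as an added example that is not part of the original answer or the asker's project. It assumes Spring Security 4.x/5.x Java configuration; the class name `MethodSecurityConfig`, the `permitAll()` URL rule and the choice of `HttpStatusEntryPoint` to produce the 401 are assumptions made for illustration.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;

// Hypothetical configuration class (name and URL rule are assumptions).
@Configuration
@EnableWebSecurity
// Without this annotation no interceptor is created for @PreAuthorize,
// so the expression on MyController.myService() is never evaluated
// and the method runs for every caller.
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // URL-level rules are left open here so that the decision
            // is made by @PreAuthorize on the controller method.
            .authorizeRequests()
                .antMatchers("/api/**").permitAll()
                .and()
            // When access is denied while the context holds an anonymous
            // token, ExceptionTranslationFilter calls the entry point.
            // HttpStatusEntryPoint answers with a bare 401 status.
            .exceptionHandling()
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
    }
}
```

In an application with separate root and servlet contexts, the annotation has to be on a configuration loaded by the context that creates the controller beans, otherwise `@PreAuthorize` on `MyController` is still ignored.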
