C96
Reputation: 529
Enable global method security leads to 404
When I enable Global Method Security, I get 404/NotFound when I call my endpoint that belongs to a class annotated with @Preauthorized
This is my configuration:
@Configuration @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
class MethodSecurityConfig : GlobalMethodSecurityConfiguration()
And this is the controller:
@RestController
@RequestMapping(Endpoints.BABBLE.ROOT)
@PreAuthorize("@authenticator.checkIfThunderkickAdmin()")
class BabbleRequestController() {
@PostMapping(Endpoints.BABBLE.APPEND)
public fun balances(@RequestBody requestData: AppendRequestData, @RequestHeader(HttpHeaders.AUTHORIZATION) authHeader : String): ResponseEntity<String> {
...
Upvotes: 0
Views: 282
Answers (1)
Andrei Kovrov
Reputation: 2440
I guess you got 404 because you have @PreAuthorize and missing proxyTargetClass = true for @EnableGlobalMethodSecurity annotation. Spring loses your controller because it's a JDK proxy instead of CGLIB and doesn't have @RestController anymore.
Try to replace it with:
@Configuration @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true, proxyTargetClass = true)
class MethodSecurityConfig : GlobalMethodSecurityConfiguration()
Upvotes: 3
Related Questions
- Spring in Kotlin: Spring Security gives me forbidden message despite i'm logged in
- Cannot handle Spring Security exceptions
- Spring Security Configuration Kotlin DSL
- Spring Security returns 403 with valid JWT
- Spring Boot exception on turning on @GlobalMethodSecurity
- Spring Security denies access to `@Secured` method in spite of granted authorities
- Using global-method-security, Access Denied errors are returned as HTTP 500 errors
- Spring MVC Exception when i add global-method-security to spring-servlet.xml
- Spring Security - 'global-method-security' does not work
- security:global-method-security element in spring security configuration?