79293966

Date: 2024-12-19 10:44:42
Score: 0.5
Natty:
Report link

The issue is that method-level security annotations like @PreAuthorize require explicit enabling. Add @EnableMethodSecurity to your security configuration class:

@Configuration
@EnableMethodSecurity
public class SecurityConfig {
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(auth ->
                auth.requestMatchers("/v1/api/public/**").permitAll()
                    .requestMatchers("/v1/api/authorized/**").hasRole("USER")
                    .anyRequest().authenticated())
            .sessionManagement(session -> 
                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}

This enables method-level security, allowing @PreAuthorize to work correctly. For more details, refer to the Spring Security Documentation.

Reasons:
  • Long answer (-0.5):
  • Has code block (-0.5):
  • User mentioned (1): @PreAuthorize
  • User mentioned (0): @EnableMethodSecurity
  • User mentioned (0): @PreAuthorize
  • Low reputation (0.5):
Posted by: kyljmeeski