Secure with @PreAuthorize #84

adriendengreville · 2021-02-23T17:43:46Z

adriendengreville
Feb 23, 2021

I wanted to secure my endpoints using @PreAuthorize("hasAuthority('...')") because it seems that @Secured only handles roles, but it's not picked up.

Any idea on where to look in the codebase to secure the app using the @PreAuthorize annotation ?

Answered by maxixcom

Feb 24, 2021

Yes @Secure use only ROLE_ authorities as it is mentioned in annotation comments.

But I found that the annotation @PreAuthorize works fine. I use it like

    @DgsData(parentType = "Mutation", field = "updateCategory")
    @PreAuthorize("hasAuthority('admin:write')")
    fun updateCategory(input: CategoryUpdateInput): CategoryType? {
        return categoryService.update(input)
    }

Check if you have @EnableGlobalMethodSecurity(prePostEnabled = true) in your configuration.
I have it as follows:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
class SecurityConfig(
    private val jwtConfigProperties: JwtConfigProperties,
    private val userService: U…

View full answer

maxixcom · 2021-02-24T12:59:21Z

maxixcom
Feb 24, 2021

Yes @Secure use only ROLE_ authorities as it is mentioned in annotation comments.

But I found that the annotation @PreAuthorize works fine. I use it like

    @DgsData(parentType = "Mutation", field = "updateCategory")
    @PreAuthorize("hasAuthority('admin:write')")
    fun updateCategory(input: CategoryUpdateInput): CategoryType? {
        return categoryService.update(input)
    }

Check if you have @EnableGlobalMethodSecurity(prePostEnabled = true) in your configuration.
I have it as follows:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
class SecurityConfig(
    private val jwtConfigProperties: JwtConfigProperties,
    private val userService: UserService
) : WebSecurityConfigurerAdapter() {

// ....

}

Hope it will help.

1 reply

adriendengreville Feb 24, 2021
Author

It works like a charm like that, thanks !

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Secure with @PreAuthorize #84

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 1 reply

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

Secure with @PreAuthorize #84

adriendengreville Feb 23, 2021

Replies: 1 comment · 1 reply

maxixcom Feb 24, 2021

adriendengreville Feb 24, 2021 Author

adriendengreville
Feb 23, 2021

Replies: 1 comment 1 reply

maxixcom
Feb 24, 2021

adriendengreville Feb 24, 2021
Author