Giters

spring-guides / tut-spring-security-and-angular-js

Spring Security and Angular:: A tutorial on how to use Spring Security with a single page application with various backend architectures, ranging from a simple single server to an API gateway with OAuth2 authentication.

Home Page:https://spring.io/guides/tutorials/spring-security-and-angular-js/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Is it possible to restrict resource access on resource service with @PreAuthorize ?

vajda opened this issue · comments

commented

Hi, I have cloned your spring-security-angular/oauth2 example with resource, auth and ui components and tried to restrict resource endpoint with:

@PreAuthorize("hasAnyRole('ROLE_FOO','ROLE_BAR')")
@RequestMapping('/')
def home() {
    [id: UUID.randomUUID().toString(), content: 'Hello World']
}

however, it still passes (I expected 403 to be returned).
Is it possible to restrict resource access in a such way?

commented

To use @PreAuthorize you need to @EnableGlobalMethodSecurity.