Is it possible to restrict resource access on resource service with @PreAuthorize ?
vajda opened this issue · comments
Vladimir Vajda commented
Hi, I have cloned your spring-security-angular/oauth2 example with resource, auth and ui components and tried to restrict resource endpoint with:
@PreAuthorize("hasAnyRole('ROLE_FOO','ROLE_BAR')")
@RequestMapping('/')
def home() {
[id: UUID.randomUUID().toString(), content: 'Hello World']
}
however, it still passes (I expected 403 to be returned).
Is it possible to restrict resource access in a such way?
Dave Syer commented
To use @PreAuthorize
you need to @EnableGlobalMethodSecurity
.