#oauth2 security expressions on method level

Question

What should I do to be able to use #oauth2 security expressions on method level like on the example below?

@RequestMapping(value = \"email\", method = Reques         


        

Answer 1

I had the same problem, but only in a unit test (@WebMvcTest). I had to add @EnableGlobalMethodSecurity on the inner class that defined the configuration for the test:

@RunWith(SpringRunner.class)
@WebMvcTest(MyController.class)
public class MyControllerTest {

  @TestConfiguration
  @Import({JacksonCustomizations.class,SecuritySettings.class,
        OAuth2ServerConfiguration.class, WebSecurityConfiguration.class,
        TokenGrantersConfiguration.class})
  @EnableGlobalMethodSecurity
  public static class TestConfig {
  }
}

UPDATE: In Spring Boot 2.x, you might get:

java.lang.IllegalStateException: In the composition of all global method configuration, no annotation support was actually activated

The reason is that you added @EnableGlobalMethodSecurity without actually enabling anything. To fix it, set at least one of the properties of the annotation to true. E.g:

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)