当我启用全局方法安全性时,当我调用属于用@Preauthorized
注释的类的端点时,我得到404/NotFound
这是我的配置:
@Configuration @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
class MethodSecurityConfig : GlobalMethodSecurityConfiguration()
这就是控制器:
@RestController
@RequestMapping(Endpoints.BABBLE.ROOT)
@PreAuthorize("@authenticator.checkIfThunderkickAdmin()")
class BabbleRequestController() {
@PostMapping(Endpoints.BABBLE.APPEND)
public fun balances(@RequestBody requestData: AppendRequestData, @RequestHeader(HttpHeaders.AUTHORIZATION) authHeader : String): ResponseEntity<String> {
...
我想您得到404
是因为您有@PreAuthorize
,而@EnableGlobalMethodSecurity
注释缺少proxyTargetClass = true
。Spring失去了您的控制器,因为它是JDK代理而不是CGLIB,并且不再有@RestController
。
尝试将其替换为:
@Configuration @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true, proxyTargetClass = true)
class MethodSecurityConfig : GlobalMethodSecurityConfiguration()