当我启用全局方法安全性时,当我调用属于用@Preauthorized注释的类的端点时,我得到404/NotFound
这是我的配置:
@Configuration @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
class MethodSecurityConfig : GlobalMethodSecurityConfiguration()
这就是控制器:
@RestController
@RequestMapping(Endpoints.BABBLE.ROOT)
@PreAuthorize("@authenticator.checkIfThunderkickAdmin()")
class BabbleRequestController() {
@PostMapping(Endpoints.BABBLE.APPEND)
public fun balances(@RequestBody requestData: AppendRequestData, @RequestHeader(HttpHeaders.AUTHORIZATION) authHeader : String): ResponseEntity<String> {
...
我想您得到404是因为您有@PreAuthorize,而@EnableGlobalMethodSecurity注释缺少proxyTargetClass = true。Spring失去了您的控制器,因为它是JDK代理而不是CGLIB,并且不再有@RestController。
尝试将其替换为:
@Configuration @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true, proxyTargetClass = true)
class MethodSecurityConfig : GlobalMethodSecurityConfiguration()