My bean hit my head about this for a while. I did everything I could to find a suitable solution and followed a myriad of Stackoverflow examples and solutions.
Firstly, I am using annotation based solution. When I annotate my services, prePostEnabled works, but not when I comment on controllers, it is not. Also, even in my services, jsr250Enabled does not work.
I found many cases closed by moving the annotation from the security config to the MVC configuration, which in my case does not work.
I have a setting that looks like this: https://github.com/spring-projects/spring-security-oauth-javaconfig/tree/master/samples/oauth2-sparklr
But I use Servlet 3.0 and have nothing in my web.xml.
My SecurityInitializer is as follows:
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }
My MVC initializer is as follows:
public class MvcWebApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer { @Override protected Class<?>[] getRootConfigClasses() { return new Class<?>[]{WebSecurityConfig.class, MethodSecurityConfig.class}; } @Override protected Class<?>[] getServletConfigClasses() { return new Class<?>[]{SpringMvcConfig.class}; } @Override protected String[] getServletMappings() { return new String[]{ApiPaths.API + "/*", "/res.jsp"}; }
My WebSecurity configurator is initialized as follows:
@Configuration @EnableWebSecurity @ComponentScan(value = {"com.roler.res.**.server"}, excludeFilters = { @Filter(type = FilterType.ASSIGNABLE_TYPE, value = SpringMvcConfig.class), @Filter(type = FilterType.ASSIGNABLE_TYPE, value = MethodSecurityConfig.class), @Filter(type = FilterType.REGEX, pattern = "com.xyz.*.controller.*")}) public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
And my SpringMvcConfig is initialized as follows:
@Configuration @EnableWebMvc @ComponentScan(value = "com.xyz.**.controller") public class SpringMvcConfig extends WebMvcConfigurerAdapter {
If you have any ideas, I'm out of juice, thanks!