You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
메서드 단계에서 시큐리티를 적용하는 @PreAuthorize, @PostAuthorize 와 같은 어노테이션을 사용한다면
@EnableGlobalMethodSecurity 설정을, 그게 아닌 일반적인 경우는 @EnableWebSecurity 을 선언
@Configuration@Log4j2@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@EnableWebSecuritypublicclassSecurityConfigextendsWebSecurityConfigurerAdapter {
...
// 관리자(admin) 권한을 가진 사용자만 접근 가능@PreAuthorize("hasRole('ADMIN')")
@GetMapping("/admin")
publicvoidadmin() {
log.info("admin........");
}
// 특별 정해진 사용자만 해당 메서드를 실행하도록 설정 => "user95@zerock.org" 의 사용자만 해당 메소드 접근 가능@PreAuthorize("#clubAuthMemberDto != null && #clubAuthMemberDto.username eq \"user95@zerock.org\"")
@GetMapping("/only")
publicStringmemberOnly(@AuthenticationPrincipalClubAuthMemberDtoclubAuthMemberDto) {
log.info(clubAuthMemberDto);
return"/sample/admin";
}
@PostAuthorize
("returnObject.username == authentication.principal.nickName")
publicCustomUserloadUserDetail(Stringusername) {
returnuserRoleRepository.loadUserByUserName(username);
}
Spring Security - @EnableGlobalMethodSecurity vs @EnableWebSecurity
@EnableGlobalMethodSecurity
@EnableWebSeucirty
@PreAuthorize
@PostAuthorize
The text was updated successfully, but these errors were encountered: