Validate @EnableGlobalMethodSecurity usage #5341
Description
Summary
It is possible and even easy to accidentally misconfigure @EnableGlobalMethodSecurity to actually do nothing, e.g.
@EnableGlobalMethodSecurityThe above will not secure any methods because none of prePostEnabled, securedEnabled, or jsr250Enabled is set to true, e.g.
@EnableGlobalMethodSecurity(prePostEnabled=true)Because Spring Security supports multiple @EnableGlobalMethodSecurity annotations, these need to continue to default to false.
But we could add validation at runtime that would warn that in the composition of all global method configuration, no annotation support was actually activated.