You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is possible and even easy to accidentally misconfigure @EnableGlobalMethodSecurity to actually do nothing, e.g.
@EnableGlobalMethodSecurity
The above will not secure any methods because none of prePostEnabled, securedEnabled, or jsr250Enabled is set to true, e.g.
@EnableGlobalMethodSecurity(prePostEnabled=true)
Because Spring Security supports multiple @EnableGlobalMethodSecurity annotations, these need to continue to default to false.
But we could add validation at runtime that would warn that in the composition of all global method configuration, no annotation support was actually activated.
The text was updated successfully, but these errors were encountered:
This polishes the EnableGlobalMethodSecurity misconfiguration check to
not error if the user has specified a custom method security metadata
source.
Issue: spring-projectsgh-5341
This polishes the EnableGlobalMethodSecurity misconfiguration check to
not error if the user has specified a custom method security metadata
source.
Issue: gh-5341
Summary
It is possible and even easy to accidentally misconfigure @EnableGlobalMethodSecurity to actually do nothing, e.g.
The above will not secure any methods because none of
prePostEnabled
,securedEnabled
, orjsr250Enabled
is set totrue
, e.g.Because Spring Security supports multiple @EnableGlobalMethodSecurity annotations, these need to continue to default to false.
But we could add validation at runtime that would warn that in the composition of all global method configuration, no annotation support was actually activated.
The text was updated successfully, but these errors were encountered: