stormpath-sdk-java Spring Security's Method Security does not work in non-web environment

Spring Security's Method Security does not work in non-web environment

Open mrioan opened this issue 8 years ago • 0 comments

We wrongly placed StormpathMethodSecurityAutoConfiguration and StormpathMethodSecurityConfiguration in our web module.

For example, the Boot-specific class should reside in stormpath-spring-security-webmvc-spring-boot-started. Be sure to remove:

stormpath.web.enabled from @ConditionalOnProperty
@ConditionalOnWebApplication
@AutoConfigureAfter(WebMvcAutoConfiguration.class)

That will not be the only change. We need need to be sure that a services like this works as expected (i.e. sayHello can only be executed by users with the MY_GROUP role):

public interface HelloService {

    static final String MY_GROUP = "GROUP_HREF_HERE";

    @PreAuthorize("hasRole('" + MY_GROUP + "')")
    String sayHello();

}

Oct 17 '16 20:10 mrioan

stormpath-sdk-java stormpath-sdk-java copied to clipboard

Spring Security's Method Security does not work in non-web environment

stormpath-sdk-java
stormpath-sdk-java copied to clipboard