I am using ...
springBootVersion = '1.2.4.RELEASE'
springVersion = '4.1.6.RELEASE'
springSecurityVersion = '4.0.0.M2'
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebMvcSecurity
@Profile(ElmProfile.HAS_AUTHENTICATION)
public class SecurityXXX extends WebSecurityConfigurerAdapter {
}
Application.java has the appropriate
@ComponentScan
logging.level.org.springframework.security=TRACE
Problem: There is some strange behaviour ...
There are may post filter annotations are defined on the service interface , but in the logs it shows its detected the annotation on the service impl class instead !?.
Althought there are many such methods on the service interface with only one method is detected
Yes the service has @Service annotation as shown below :
@Validated
public interface SiteService {
@PostFilter("hasPermission(filterObject, 'read')")
@NotNull
List<Site> getSitesWithBins();
@PostFilter("hasPermission(filterObject, 'read')")
@NotNull
List<Site> getAllSitesRestricted();
@PostFilter("hasPermission(filterObject, 'read')")
@NotNull
List<Site> getAllSites();
@PostFilter("hasPermission(filterObject, 'read')")
@NotNull
List<Site> findSitesByMain(final boolean isMain);
@NotNull
List<Site> getSitesByTransferType(@Min(1) final Long siteId, @NotNull final TransferType.Code transferType);
@PostFilter("hasPermission(filterObject, 'read')")
Site getSite(@Min(1) final Long siteId);
@Service
@Transactional
@RequiredArgsConstructor(onConstructor = @__(@Autowired))
public class SiteServiceImpl implements SiteService {
//implementas all the service interface methods
}
The stack trace below shows that only one method was found , all the methods are not found i.e. only the @PostFilter on the getSite() method is found ..
2015-06-26 19:23:17.986 TRACE 13561 --- [ main] .PrePostAnnotationSecurityMetadataSource : Looking for Pre/Post annotations for method 'getSite' on target class 'class au.com.xxx.xxxx.inventory.main.service.SiteServiceImpl'
2015-06-26 19:23:17.987 DEBUG 13561 --- [ main] .PrePostAnnotationSecurityMetadataSource : @org.springframework.security.access.prepost.PostFilter(value=hasPermission(filterObject, 'read')) found on specific method: public au.com.xxxx.xxxx.inventory.main.domain.Site au.com.xxxx.xxxx.inventory.main.service.SiteServiceImpl.getSite(java.lang.Long)
2015-06-26 19:23:17.990 DEBUG 13561 --- [ main] m.DelegatingMethodSecurityMetadataSource : Caching method [CacheKey[au.com.xxxx.xxxx.inventory.main.service.SiteServiceImpl; public abstract au.com.xxxx.xxxx.inventory.main.domain.Site au.com.xxxx.xxxx.inventory.main.service.SiteService.getSite(java.lang.Long)]] with attributes [[authorize: 'permitAll', filter: 'null', filterTarget: 'null'], [authorize: 'null', filter: 'hasPermission(filterObject, 'read')']]
So its strange that other annotations are ignored on the service interface and one particular method is recognized to have the annotation. Alss the strange thing as per the log statements above, it finds the @PostFilter on the service implementation class, BUT THEY ARE DEFINED IN THE INTERFACE !!!!!! And I have made sure there are no other interface/classes of the same name on the classpath.
your stack trace is not clear. it would be helpful if you could post the entire log exactly what you are getting. However here is a quick fix, check whether you have added @Service annotation on your ServiceImpl calss and make sure your service package should be configured in . remember in spring every thing is a component thus they will represent with @Component annotation and @Service and @Repository are the sub annotations of @Component.