Summary
When using annotation-based method security, Spring Boot does not provide a way to whitelist controller methods by default; it is blacklist-based instead. E.g., if an annotation for a controller method is omitted, then the authorization scheme from the HttpSecurity configuration is applied.
Sample
By using the custom MethodSecurityMetadataSource provided by this package, all requests to controller methods that are not explicitly annotated will be denied by default. This provides better security in situations where developers forget to annotate controller methods.
https://github.com/rkuijt/spring-security-method-whitelisting
Comment From: rkuijt
Closing this request for now. I found the implementation to conflict when using ControllerAdvices resulting in unexpected behavior. Better process this request through fork/PR.
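A sketch of the deny-by-default `MethodSecurityMetadataSource` idea from the summary, added here as an illustration; it is not the code of the linked package or of Spring Security. It assumes Spring Security 5.x with `@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)`, and the class name is hypothetical.

```java
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.annotation.Jsr250SecurityConfig;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

// Hypothetical class: yields DENY_ALL for controller handler methods that carry no security annotation.
public class DenyUnannotatedHandlersMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
    // Annotations that count as an explicit authorization decision (assumed set for this example).
    private static final List<Class<? extends Annotation>> SECURITY_ANNOTATIONS = List.of(
            PreAuthorize.class, PostAuthorize.class, Secured.class,
            RolesAllowed.class, PermitAll.class, DenyAll.class);

    @Override
    protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
        // hasAnnotation also sees meta-annotations, so @RestController and @GetMapping match.
        boolean handler = AnnotatedElementUtils.hasAnnotation(targetClass, Controller.class)
                && AnnotatedElementUtils.hasAnnotation(method, RequestMapping.class);
        if (!handler) {
            return null; // not a controller endpoint: leave it to the other metadata sources
        }
        for (Class<? extends Annotation> a : SECURITY_ANNOTATIONS) {
            if (AnnotatedElementUtils.hasAnnotation(method, a)
                    || AnnotatedElementUtils.hasAnnotation(targetClass, a)) {
                return null; // explicitly annotated: the standard sources evaluate it
            }
        }
        // Unannotated handler: the Jsr250Voter votes ACCESS_DENIED on this attribute.
        return Collections.singletonList(Jsr250SecurityConfig.DENY_ALL_ATTRIBUTE);
    }
    @Override
    protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
        return null; // no class-wide attributes; the decision is made per method
    }
    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null; // nothing to enumerate up front
    }
}
```

To take effect, an instance has to be returned from `customMethodSecurityMetadataSource()` in a `GlobalMethodSecurityConfiguration` subclass. The deny vote comes from the `Jsr250Voter`, which is only registered when `jsr250Enabled = true`.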