Describe the bug After using the version Latest corresponding to Boot3 and opening the annotation @ EnableMethodSecurity, @ PreAuthorize is still invalid, but using the old @ EnableGlobalMethodSecurity is normal to enter @ PreAuthorize. What is missing or a bug
To Reproduce Use @ EnableMethodSecurity
Expected behavior @PreAuthorize needs to work
Comment From: evgeniycheban
Hi, @twelvet-s can you provide a code example for reproducing this issue?
Comment From: twelvet-s
你好, @twelvet-s你能提供一个代码示例来重现这个问题吗?
When I use the annotation '@ enableGlobalMethodSecurity', it is normal to enter and determine permissions. After using '@ enableMethodSecurity', it becomes invalid
Comment From: evgeniycheban
Hi, @twelvet-s, thanks for the reply, unfortunately, I couldn't reproduce it.
What is meant by "it becomes invalid"? What output are you getting when using @EnableMethodSecurity?
Could you please share a repository with the minimal configuration that is close to your project to reproduce this issue?
That would help me with debugging it.
Comment From: twelvet-s
https://github.com/twelvet-s/twelvet/tree/master-boot-3
Under this branch
Comment From: twelvet-s
Using @ enableGlobalMethodSecurity is a normal entry permission judgment, but it has been replaced by a new one, which has no effect
Comment From: twelvet-s
When using the new annotation @ enableMethodSecurity, it will not enter the judgment of the @ PreAuthorize annotation. The deprecated @ enableGlobalMethodSecurity can
Comment From: evgeniycheban
It seems that when @EnableMethodSecurity is defined on another annotation it doesn't get imported, could you try using @EnableMethodSecurity on the configuration class itself? If that is the case, I will provide a fix.
Comment From: twelvet-s
Yes, I really hope to provide some help. Is this a bug? If so, I am also looking forward to fixing it because I tend to use it this way. Thank you very much for your help
Comment From: evgeniycheban
I'll start implementing a fix tomorrow, have you tried using @EnableMethodSecurity on the configuration class instead of annotation? I propose you try using it this way as a workaround until the fix is ready.
Comment From: twelvet-s
It's okay, I can wait for your repair. This is a new departure for Boot3, and we need to provide more time to support its development. Finally, thank you very much for your attention
Comment From: marcusdacoregio
Hi folks, I talked to the team and we decided that this is an enhancement. Therefore I'll schedule it for the next minor version and update the title accordingly. Thank you.
Comment From: marcusdacoregio
Closing in favor of https://github.com/spring-projects/spring-security/pull/13120