How to debug Spring Security authorization annotations?
You can add to your application.yaml
:
logging.level.org.springframework.security: DEBUG
Or add to application.properties
:
logging.level.org.springframework.security=DEBUG
Or add to your WebSecurityConfig
annotation EnableWebSecurity
with debug = true
:
@Configuration
@EnableWebSecurity(debug = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
// ...
}
Set the log level of org.springframework.security to debug. On invoking the method with annotations, you can find log messages that indicate interceptor being applied, especially look for: DEBUG MethodSecurityInterceptor
Updated: That means there is some config difference between your sample app and main app Some pointers to look for:
the <global-method-security> tag needs to be in the same context as your Spring MVC configuration otherwise your controllers will not be post processed. Refer: http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/faq.html#faq-method-security-in-web-context
you might need pre-post-annotations="enabled", with expressionHandler set.
make sure tag <global-method-security> is in application context