Method level constraints
Like traditional Spring WebMvc applications, you can use a @PreAuthorize("hasRole('ADMIN')")
annotation on your methods to prevent the execution of this method if the evaluation of the expression defined in the PreAuthorize
is false.
To enable the method level security, add an extra @EnableReactiveMethodSecurity
to your configuration class.
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
class SecurityConfig {
}
In your business codes, add @PreAuthorize("hasRole('ADMIN')")
annotation to your method.
@PreAuthorize("hasRole('ADMIN')")
Mono<Post> delete(Long id) {
Post deleted = data.get(id);
data.remove(id);
return Mono.just(deleted);
}
If you want to Java EE/Jakarta EE compatible annotations, such RolesAllowed
, etc. Add an attribute to the @EnableGlobalMethodSecurity
annotation.
@EnableGlobalMethodSecurity(jsr250Enabled = true)