NFC-47 Restore @EnableMethodSecurity + @secured for /welcome.

SanderKondratjevNortal · SanderKondratjevNortal · commit 8e88ebd3bc74 · 2025-09-09T10:14:23.000+03:00
diff --git a/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java b/example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java
@@ -31,6 +31,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
@@ -40,6 +41,7 @@
 
 @Configuration
 @EnableWebSecurity
+@EnableMethodSecurity(securedEnabled = true)
 public class ApplicationConfiguration {
 
     @Bean
@@ -53,7 +55,6 @@ public SecurityFilterChain filterChain(
             .authorizeHttpRequests(auth -> auth
                 .requestMatchers("/css/**", "/files/**", "/img/**", "/js/**", "/scripts/**").permitAll()
                 .requestMatchers("/").permitAll()
-                .requestMatchers("/welcome").hasRole("USER")
                 .anyRequest().authenticated()
             )
             .authenticationProvider(authTokenDTOAuthenticationProvider)
diff --git a/example/src/main/java/eu/webeid/example/web/WelcomeController.java b/example/src/main/java/eu/webeid/example/web/WelcomeController.java
@@ -24,14 +24,18 @@
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
 
 import java.security.Principal;
 import java.util.Objects;
 
+import static eu.webeid.example.security.AuthTokenDTOAuthenticationProvider.ROLE_USER;
+
 @Controller
+@Secured(ROLE_USER)
 public class WelcomeController {
     private static final Logger LOG = LoggerFactory.getLogger(WelcomeController.class);
 
