You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The 5.8 migration guide advises applications to set @EnableTransationManagement(order = 0) in order to ensure that it has higher priority than @EnableMethodSecurity.
While this is technically correct, in practice and application may have other AOP modules to consider in order to determine where transaction management should go, which Security doesn't know about.
Due to this, it may be helpful for security to warn if @EnableTransactionManagement has a lower precedence than @EnableMethodSecurity, since that's all that Security recommends. It would do this only when prePostEnabled is true and would take into account the order value for @EnableTransactionManagement and offset for @EnableMethodSecurity.
I feel it should be a warning instead of an error since @PostAuthorize is not as commonly used on methods with side-effects and may not be used at all in an application.