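Spring Boot EnableGlobalMethodSecurity does not work

Time: 2016-02-02 03:49:02

Tags: spring-security spring-boot

I want to create an SSO application that sits in front of UAA, and there are some methods in the application that I want to protect with annotations like @PreAuthorize. But @PreAuthorize does not work, and even the URLs are not secured. Any pointers would be welcome; thanks in advance.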

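    import java.io.IOException;
    import java.security.Principal;
    import java.util.Collections;
    import java.util.Map;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
    import org.springframework.boot.autoconfigure.security.SecurityProperties;
    import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
    import org.springframework.context.annotation.ComponentScan;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.access.prepost.PreAuthorize;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.csrf.CsrfFilter;
    import org.springframework.security.web.csrf.CsrfToken;
    import org.springframework.security.web.csrf.CsrfTokenRepository;
    import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
    import org.springframework.stereotype.Component;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;
    import org.springframework.web.filter.OncePerRequestFilter;

    @Configuration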
    @ComponentScan
    @EnableAutoConfiguration
    @RestController
    @RequestMapping("/dashboard")
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)
    public class SsoApplication extends GlobalMethodSecurityConfiguration {     

        @RequestMapping("/message")
        @PreAuthorize("hasRole('ADMIN')")
        public Map<String, Object> dashboard() {
            return Collections.<String, Object>singletonMap("message", "Yay!");
        }       

        @RequestMapping("/user")
        @PreAuthorize("authenticated")
        public Principal user(Principal user) {
            return user;
        }       

        public static void main(String[] args) {
            SpringApplication.run(SsoApplication.class, args);
        }       

        @Component
        @EnableOAuth2Sso
        @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
        public static class LoginConfigurer extends WebSecurityConfigurerAdapter {      

            @Override
            public void configure(HttpSecurity http) throws Exception {
                http.csrf().csrfTokenRepository(csrfTokenRepository()).and()
                        .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class).authorizeRequests().and()
                        .logout().logoutUrl("/dashboard/logout").permitAll()
                        .logoutSuccessUrl("/");
            }       

            private Filter csrfHeaderFilter() {
                return new OncePerRequestFilter() {
                    @Override
                    protected void doFilterInternal(HttpServletRequest request,
                                                    HttpServletResponse response, FilterChain filterChain)
                            throws ServletException, IOException {
                        CsrfToken csrf = (CsrfToken) request
                                .getAttribute(CsrfToken.class.getName());
                        if (csrf != null) {
                            Cookie cookie = new Cookie("XSRF-TOKEN",
                                    csrf.getToken());
                            cookie.setPath("/");
                            response.addCookie(cookie);
                        }
                        filterChain.doFilter(request, response);
                    }
                };
            }       

            private CsrfTokenRepository csrfTokenRepository() {
                HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
                repository.setHeaderName("X-XSRF-TOKEN");
                return repository;
            }
        }
    }

If SsoApplication does not extend GlobalMethodSecurityConfiguration, an exception is thrown:

    Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.aopalliance.intercept.MethodInterceptor]: Factory method 'methodSecurityInterceptor' threw exception; nested exception is org.springframework.security.config.annotation.AlreadyBuiltException: This object has already been built
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
        ... 46 more
    Caused by: org.springframework.security.config.annotation.AlreadyBuiltException: This object has already been built
        at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:44)
        at org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.getAuthenticationManager(AuthenticationConfiguration.java:81)
        at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.authenticationManager(GlobalMethodSecurityConfiguration.java:257)
        at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.methodSecurityInterceptor(GlobalMethodSecurityConfiguration.java:123)
        at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$420668b7.CGLIB$methodSecurityInterceptor$8(<generated>)
        at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$420668b7$$FastClassBySpringCGLIB$$5167ccd.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
        at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:355)
        at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$420668b7.methodSecurityInterceptor(<generated>)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)

0 answers:

No answers