Spring security and PreAuthorize

hi

I use spring boot in a rest architecture and i would like to allow only some user to access some function.

@Configuration @EnableWebSecurity public class ApplicationSecurity extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception {    http.authorizeRequests()            .antMatchers("/login").permitAll()            .antMatchers("/rest/**").authenticated();    http.csrf().disable();    http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);    http.formLogin().successHandler(authenticationSuccessHandler);    http.formLogin().failureHandler(authenticationFailureHandler);    http.logout().logoutUrl("/logout");    http.logout().logoutSuccessUrl("/"); }


In one of my service interface, i added this annotation

@PreAuthorize("hasRole('ADMIN')")


but actually that don't work, all role seem to have access to this function

do i need another thing to setup in the config?