I am trying to secure Spring-Data repositories by using @PreAuthorize annotations on the my repository interface (since most methods are inherited) so that all methods get secured.
The result is that any custom methods included in my interface get security by all methods inherited by Spring-Data interfaces are not.
Applying the same thing on a simple component interface extending a superinterface will work properly.
I am not sure whether this is a Spring-Security or Spring-Data issue. I would appreciate some help figuring this out.
I attach an example with unit tests for the working service setup and the non working Spring-Data repository. The failing testSuperRepositoryWithUser should get an AccessDeniedException, but the @PreAuthorize annotation does not apply on the JpaRepository interface.