It would be nice if DefaultAuthorizationManagerFactory could apply authorization rules automatically, like for certain authorities that are always required.

```java
@Bean
AuthorizationManagerFactory<Object> authorizationManagerFactory() {
    return DefaultAuthorizationManagerFactory.hasAllAuthorities("FACTOR_PASSWORD", "FACTOR_X509");
}
```

These would then be applied to all authorization managers relating to authenticated users. That is, permitAll, denyAll, and anonymous are not affected.
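For comparison, the same requirement written out by hand, rule by rule, with existing Spring Security classes. This is an added example, not code from the issue or from the project; the request paths, the `ADMIN` role and the `withFactors` helper are assumptions made for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.authorization.AuthorizationManagers;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;

@Configuration
@EnableWebSecurity
class ManualFactorRules {

    // Both factor authorities must be present (authority names taken from the issue).
    private static AuthorizationManager<RequestAuthorizationContext> requiredFactors() {
        AuthorizationManager<RequestAuthorizationContext> password =
                AuthorityAuthorizationManager.hasAuthority("FACTOR_PASSWORD");
        AuthorizationManager<RequestAuthorizationContext> x509 =
                AuthorityAuthorizationManager.hasAuthority("FACTOR_X509");
        return AuthorizationManagers.allOf(password, x509);
    }

    // Hypothetical helper: wraps one authenticated-user rule so it also demands the factors.
    private static AuthorizationManager<RequestAuthorizationContext> withFactors(
            AuthorizationManager<RequestAuthorizationContext> rule) {
        return AuthorizationManagers.allOf(rule, requiredFactors());
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests((authorize) -> authorize
                // permitAll is not an authenticated-user rule, so it is left unwrapped.
                .requestMatchers("/public/**").permitAll()
                // Role check plus both factors (path and role are assumed).
                .requestMatchers("/admin/**")
                    .access(withFactors(AuthorityAuthorizationManager.hasRole("ADMIN")))
                // Plain "authenticated" plus both factors.
                .anyRequest()
                    .access(withFactors(AuthenticatedAuthorizationManager.authenticated())));
        return http.build();
    }
}
```

A rule added later without `withFactors` is enforced without the factor check, so every authenticated-user rule has to be wrapped individually in this form.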

Comment From: therepanic

Hi, @jzheaux. May I attempt to resolve this issue?