AuthorizationManager + Method Security Support

[jzheaux]

With the introduction of AuthorizationManager, it may be valuable to have an implementation that makes authorization decisions based on method annotations.

[evgeniycheban]

@jzheaux I can take this.

[jzheaux]

Thanks, @evgeniycheban!

It may be equally tricky to remain backward compatible with ConfigAttributes and metadata sources with this ticket as it was with the filter equivalent.

One way to address this could be to introduce a new annotation @EnableMethodSecurity which would eventually replace @EnableGlobalMethodSecurity. The new annotation would import a new MethodSecurityConfiguration class in charge of publishing the appropriate method interceptor. This would allow applications to opt-in in the same way authorizeHttpRequests does.

[evgeniycheban]

@jzheaux I've created a draft PR with @Secured annotation method security implementation, could you please take a look?

I’m currently implementing the @PreAuthorize annotation support.