Annotations With Spring Security

Hi,

I am trying to use Annotations with Spring Security. It seems the @Secured("ROLE_ADMIN") does not work. I read many forums discussing the issue, yet was not able to find a running application.

My applicationContext.xml looks as follows:

<security:global-method-security secured-annotations="enabled" />

<security:http auto-config="true">
    <security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/css/*.*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/ing/*.*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:form-login login-page="/login.jsp" default-target-url="/login.show"
        always-use-default-target="true"
        authentication-failure-url="/login.jsp?login_error=true" />
    <security:intercept-url pattern="/**" access="ROLE_USER" />
    <security:logout />
</security:http>

<security:authentication-provider>
    <security:user-service>
        <security:user name="david" password="admin" authorities="ROLE_USER,ROLE_ADMIN" />
        <security:user name="alex" password="user1" authorities="ROLE_USER" />
        <security:user name="tim" password="user2" authorities="ROLE_USER" />
    </security:user-service>
</security:authentication-provider>

My class looks as follows:

@Secured("ROLE_ADMIN")
public ModelAndView getModelAndView() throws SQLException {
    IsDiv = true;
    ......................
}

Please help me find what I'm missing.
Thanks
ferry

Please use [ code][/code ] tags when posting code.

I suggest you read chapter 6 of the reference guide that explains how Spring AOP works. It explains that Spring uses a proxy-based approach and that you can only intercept method calls going INTO the object. Judging from your method name I suggest/expect it to be called INTERNALLY from the object, not passing through the proxy, no security.
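
The self-invocation behaviour described in the reply above, as an added example that is not part of the original thread and is not Spring's own code: it uses a plain JDK dynamic proxy, with a hypothetical `@RequiresRole` annotation and `ReportController` interface standing in for `@Secured` and Spring's method-security interceptor.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.Set;

public class SelfInvocationDemo {
    // Hypothetical stand-in for @Secured (assumption, not a Spring type).
    @Retention(RetentionPolicy.RUNTIME) @interface RequiresRole { String value(); }

    interface ReportController { String handleRequest(); String getModelAndView(); }

    static class ReportControllerImpl implements ReportController {
        public String handleRequest() {
            // Internal call on "this": it never reaches the proxy, so no role check runs.
            return getModelAndView();
        }
        @RequiresRole("ROLE_ADMIN")
        public String getModelAndView() { return "admin-only view"; }
    }

    // Proxy-based interception: the check runs only for calls that enter through the proxy.
    static ReportController secure(ReportController target, Set<String> callerRoles) {
        return (ReportController) Proxy.newProxyInstance(
            ReportController.class.getClassLoader(), new Class<?>[] { ReportController.class },
            (proxy, method, args) -> {
                Method impl = target.getClass().getMethod(method.getName(), method.getParameterTypes());
                RequiresRole rule = impl.getAnnotation(RequiresRole.class);
                if (rule != null && !callerRoles.contains(rule.value())) {
                    throw new SecurityException("Access denied: needs " + rule.value());
                }
                try { return impl.invoke(target, args); }
                catch (InvocationTargetException e) { throw e.getCause(); }
            });
    }

    public static void main(String[] args) {
        // Constructed caller holding only ROLE_USER.
        ReportController c = secure(new ReportControllerImpl(), Set.of("ROLE_USER"));
        try {
            c.getModelAndView();                  // enters through the proxy: denied
        } catch (SecurityException e) {
            System.out.println("direct call through proxy: " + e.getMessage());
        }
        System.out.println("via handleRequest(): " + c.handleRequest()); // check bypassed
    }
}
```

The role check fires only when the annotated method is itself the entry point on the proxy, which is why a secured method is normally placed on a separate bean that is called from outside.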