spring not enforcing method security annotations

Question

I\'m some what lost as to why spring isn\'t enforcing the @Secured(\"ROLE_USER\") on my service interface. My controllers are established using annotations.

An exam

Answer 1

I had this same problem. Using the information from Kent Lai's reply here, I was able to fix it.

I put the <global-method-security> element in my app-servlet.xml but kept the security definitions separate in security.xml, where web.xml has contextConfigLocation for app-servlet.xml and security.xml.

Works like a charm now!