Spring Security - how I can enable Method Security annotations?

Question

There is lot of similar questions at StackOverflow, but I can\'t find any answered :(

I have web.xml like:

Answer 1

After you enable <sec:global-method-security> spring security creates proxies for your controllers. spring-mvc can't find annotations like @RequestMapping on bean in this case. If you want to use security annotations on your controllers you should extract interface of controller and put mvc annotations on it. Spring documentation contains following note about this:

NOTE: When using controller interfaces (e.g. for AOP proxying), make sure to consistently put all your mapping annotations - such as @RequestMapping and @SessionAttributes - on the controller interface rather than on the implementation class.