spring security3's protect pointcut is not working

Question

<http > <intercept-url pattern="/a.jsp" access="hasRole('ROLE_X')"/> </http>
in spring security3.0.7 or 3.1
it is Ok. only 'ROLE_X' can see a.jsp page.

but:
<global-method-security > <protect-pointcut expression="execution(* test.Test.o1*(..))" access="hasRole('ROLE_X')"/> </global-method-security>
it is not working,eneryone can use the method test.Test.o1~~

when pre-post-annotations="enabled"
@PreAuthorize("hasRole('ROLE_X')")
it is also not working,eneryone can use the method test.Test.o1~~

i'm so sad~~
any advise or used 'global-method-security' demo , ths.

score 0 · Answer 1 · edited May 23 '17 at 12:20

0

You need to place this annotation in servlet config.

http://static.springsource.org/spring-security/site/faq/faq.html#faq-method-security-in-web-context

See also: Can Spring Security use @PreAuthorize on Spring controllers methods?

edited May 23 '17 at 12:20

Community

1
1

answered Jun 26 '12 at 04:34

Tomasz

5,269
8
56
65

spring security3's protect pointcut is not working

1 Answers1