@PreAuthorize not being invoked
I am currently trying to implement Spring Security in my sample maven project.I am using Eclipse Indigo with java6.
The requirement is to give a user access to methods based on his permission.
Plan is to implement this using @PreAuthorize hasRole('ROLE_XYZ')
Problem is @PreAuthorize is not being invoked.ie all users are able to access all my methods.
I have set the global-security-method pre-post-annotation as enabled.
Filter is PRE_AUTH_FILTER with custom class.
At first I had put the @PreAuthorize in my controller class but later on move to a service and @Autowired it.
As I debug my code I can see the principal and grantedAuthoroties with correct values.
I read that the hasRole looks for SecurityExpressionRoot value so implemented the expression handler property RootHierarchy.But this class is not being parsed while debugging.
Can anyone please give a checklist of sorts on implementing hasRole?
I did go through the document in site ,its good; but I am not able to identify why the annotations are being ignored and how to set my ROLE.