Thanks for your response
I will try and put a sample app today.
Incase it helps, these are the steps.
0. I am deploying my app on virgo (3.0.3.RELEASE)
1. I have a core bundle which exposes a service and has @PreAuth anotations on the interface
2. A web bundle which uses this service.
3. After I deploy and try to load the url, I am getting the below exception.
[2012-08-24 12:04:29.178] INFO http-bio-8080-exec-3 System.out org.springframework.security.access.AccessDeniedEx ception: Access is denied
[2012-08-24 12:04:29.178] INFO http-bio-8080-exec-3 System.out 252881 [http-bio-8080-exec-3] ERROR c.w.HomeController - handleAccessDeniedException####Access is denied
(attached stack trace)
what i just learnt is.. in the osgi context spring-security is not working.
1. when the authorize annotations are on interface, it always throws AccessDenied irrespective of the roles.
2. when the annotations are on impl, its allowing all users despite not having the role.
I used @preAuthorize annotations in one bundle and defined the global-security-bean in another bundle.
After I moved them to the same bundle It started working fine.
Hope this helps someone and saves some time.