
Thread: @Secured({ "ROLE_ADMIN" }) is being ignored

  1. #1

    @Secured({ "ROLE_ADMIN" }) is being ignored

    Hi,
    I have a JavaConfig file that is working fine.
    I debugged my application at load time and I see that the parameter is being transferred.
    Code:
    @Configuration
    public class SpringJavaConfig {	
    	@Bean
    	public BrandsApi brandsApi(){
    		return new BrandsApi();
    	}
    }
    Inside BrandsApi I have a method with @Secured({ "ROLE_ADMIN" }) above it.

    This is how I call the method:
    Code:
    ApplicationContext ctx = new AnnotationConfigApplicationContext(SpringJavaConfig.class);
    BrandsApi brandsApi = (BrandsApi)ctx.getBean(BrandsApi.class);
    brandsApi.getAll();
    But for some reason I can get inside even though I have logged in with ROLE_EMPLOYEE.

    This is my BrandsApi class:
    Code:
    class BrandsApi extends BaseApi{
    	@Secured({ "ROLE_ADMIN" })
    	public void getAll() {
    		System.out.println("Hello");
    	}
    }
    Attached is my XML config.

    Thanks!

  2. #2


    Quote: Originally Posted by fatnjazzy
    Code:
    ApplicationContext ctx = new AnnotationConfigApplicationContext(SpringJavaConfig.class);
    BrandsApi brandsApi = (BrandsApi)ctx.getBean(BrandsApi.class);
    brandsApi.getAll();
    The ctx object has no knowledge of your Spring Security configuration, so it will not proxy the object. You need to @ImportResource the spring security configuration or use some other means of providing the aspects to secure your object.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
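
The fix described in the reply above, as an added example that is not part of the original thread: the JavaConfig class imports the security XML so the context can proxy the bean, and a startup check fails loudly if the proxy is missing or if a ROLE_EMPLOYEE caller still reaches the method. The resource path `security-context.xml` and the class `SecuredCheck` are hypothetical; the XML is assumed to enable `@Secured` through `<global-method-security secured-annotations="enabled"/>`.

```java
import org.springframework.aop.support.AopUtils;
import org.springframework.context.annotation.*;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical path standing in for the poster's attached XML, assumed to contain
// <global-method-security secured-annotations="enabled"/> and an authentication
// manager. Without this import the context never sees the security aspects.
@Configuration
@ImportResource("classpath:security-context.xml")
class SpringJavaConfig {
    @Bean
    public BrandsApi brandsApi() { return new BrandsApi(); }
}

class BrandsApi { // BaseApi from the post is omitted; it is not shown in the thread
    @Secured({ "ROLE_ADMIN" })
    public void getAll() { System.out.println("Hello"); }
}

public class SecuredCheck {
    public static void main(String[] args) {
        AnnotationConfigApplicationContext ctx =
                new AnnotationConfigApplicationContext(SpringJavaConfig.class);
        BrandsApi brandsApi = ctx.getBean(BrandsApi.class);

        // An unproxied bean means @Secured is inert metadata: fail fast.
        if (!AopUtils.isAopProxy(brandsApi)) {
            throw new IllegalStateException("BrandsApi is not proxied; @Secured is not enforced");
        }

        // Constructed test identity holding only ROLE_EMPLOYEE.
        SecurityContextHolder.getContext().setAuthentication(
                new TestingAuthenticationToken("employee", "n/a", "ROLE_EMPLOYEE"));
        try {
            brandsApi.getAll();
            throw new IllegalStateException("ROLE_EMPLOYEE reached a ROLE_ADMIN method");
        } catch (AccessDeniedException expected) {
            System.out.println("Denied as expected: " + expected.getMessage());
        } finally {
            SecurityContextHolder.clearContext();
            ctx.close();
        }
    }
}
```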
