Spring security proxying ALL beans in a context?

[samberic]

We recently came across the issue where security wasn't working on our classes which implemented interfaces, where the method wasn't in the interface. After much googling, we foung you can add the proxy-target-class as so:

<security:global-method-security
pre-post-annotations="enabled" proxy-target-class="true">

to make it use CGLib to proxy the class not the interface.

The issue we're having now is that this appears to cause all of the beans in all of the contexts to get CGLib'd, even ones which have nothing to do with Spring Security.

Is there anyway of changing this behaviour, or of getting access to the ProxyFactoryBean to influence that somehow?

[Rob Winch]

AopNamespaceUtils will only register one PostProcessor since it won't know which beans should use which configuration (auto proxying is global). One option is to use standard aop configuration. This is covered a bit by the reference documentation. If you are unfamiliar with AOP, you will probably need to read up on it too.