Oct 31st, 2011, 08:25 AM
Could anyone please describe for me, or point me to a description of, what the security shorthand
<sec:global-method-security secured-annotations="enabled" />
does? It looks like I need to build an entire HTTP processing filter chain from scratch using bean notation, and I'd like to know what authentication-managers, filters, voters, annotation processors, etc. need to be created. I love the security namespace shorthand, except when it doesn't exactly fit my problem. I find it difficult to reimplement certain security namespace tags using standard bean XML, as I haven't found documentation as to what each sec tag actually does.
In this case, I need to have @Secured method annotations processed and enforced by the voters, but without a number of the other parts of the standard HTTP filter chain. I haven't even been able to figure out which voter @Secured annotations apply to. I see there is a Jsr250Voter for those annotations, but none for secured-annotations. Perhaps @Secured just uses the RoleVoter?
Tags for this Thread