Hi all,

for first sorry for my english.

I'm using spring-security 3.1 into a Spring3 web application but I can't intercept URL with PUT or DELETE method.

I'm using the httpMethodFilter (works fine with controller classes) and placed it before the springSecurityFilterChain in web.xml

example
Code:
<security:intercept-url pattern="/user/*" access="hasAnyRole('ROLE_USER_WRITE')" method="DELETE"/>
Logged user don't have ROLE_USER_WRITE (only ROLE_USER_READ) but the delete method is not intercepted!!!
If i change the code with

Code:
<security:intercept-url pattern="/user/*" access="hasAnyRole('ROLE_USER_WRITE')" method="POST"/>
It works fine.

It seems don't recognize PUT and DELETE verb but only GET and POST.
I can change my URLs but I prefer to find a RESTful solution.

Thanks in advance.