PreAuthorize problem

[eercan]

Hi,

I am using Spring 3.2.1, Spring Security 3.1.3 and Tapestry 4.1.6. I am trying to configure roles and permissions with spring security but I am having problems in adding method level security controls to the code. PreAuthorize annotations are being ignored.

I've added a spring-security.xml file

Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:security="http://www.springframework.org/schema/security"
        xsi:schemaLocation="http://www.springframework.org/schema/beans 
                        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security 
                        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

       <security:global-method-security pre-post-annotations="enabled" />

        <security:http auto-config="true" use-expressions="true" authentication-manager-ref="authenticationManager" />

</beans>

This is a part from web.xml file.

Code:

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
       /WEB-INF/spring-security.xml
       classpath*:/**/*.beans.xml
    </param-value>
  </context-param>

I've added PreAuthorize to the saveUser method. (non-admin users cannot save user changes.)

Code:

@PreAuthorize("hasRole('ROLE_ADMIN')")
public boolean saveUser(User user) {
    ...
}

The other question is, is it possible to configure acls in the ui part, which is in Tapestry 4?