@PreAuthorize not working

[kano22]

Hello,
I am new to SpringMVC and Spring Security and i just can't get @PreAuthorize to work correctly (3rd day i'm looking for a solution). The normal Authentification (over web.xml) is working well.

I have added following to my security xml:

Code:

<global-method-security pre-post-annotations="enabled" />

And following before my function in the controller:

Code:

@PreAuthorize("hasRole('normalo')")

I also added the Dependencies (i hope the right ones!?) to pom.xml:

Code:

		
 <dependency>
 	<groupId>org.springframework.security</groupId>
 	<artifactId>spring-security-config</artifactId>
 	<version>${org.springframework-version}</version>
 </dependency>
 <dependency>
 	<groupId>org.springframework.security</groupId>
 	<artifactId>spring-security-core</artifactId>
 	<version>${org.springframework-version}</version>
 </dependency>
 <dependency>
 	<groupId>org.springframework.security</groupId>
 	<artifactId>spring-security-web</artifactId>
 	<version>${org.springframework-version}</version>
 </dependency>

I am using the Spring Tool Suite 3.1.0.

I've packed an example project to better show you my problem. You can test the normal authentification with /auth and the PreAuthorize with /preauth. User: test - Password: 123

Hope you can help me and thanks in advance.

Regards

[Marten Deinum]

Please use the forum search as this question has been answered before...

Move your global-method-security element to the context file containing/scanning your controllers. (I suggest a read of chapter 3 of the spring reference guide). Bean(Factory)PostProcessors will only operate on beans in the same application context, my guess is your security.xml is loaded by the ContextLoaderListener and your controller by the DispatcherServlet (both create an applicationcontext).