Hi everybody,
I have setup an application to make use of web flows.
But when it comes to use the <sec:authorize /> tag in my JSPXs views, the permission evaluator (it's a custom implementation) is not invoked (I'm sure about that because I tried to toggle a breakpoint).

Webflow configuration (WEB-INF/spring/webflow.xml)
HTML Code:
	<!--Maps request paths to flows in the flowRegistry -->
	<bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping">
		<property name="order" value="0"/>
		<property name="flowRegistry" ref="flowRegistry"/>
		<property name="interceptors">
			<array>
				<ref bean="conversionServiceExposingInterceptor"/>
			</array>
		</property>
	</bean>

	<!-- Dispatches requests mapped to flows to FlowHandler implementations -->
	<bean class="org.springframework.webflow.mvc.servlet.FlowHandlerAdapter">
		<property name="flowExecutor" ref="flowExecutor"/>
	</bean>

	<bean class="org.springframework.webflow.security.SecurityFlowExecutionListener" id="securityFlowExecutionListener" />
	<!-- Executes flows: the entry point into the Spring Web Flow system -->
	<webflow:flow-executor id="flowExecutor">
		<webflow:flow-execution-listeners>
			<webflow:listener ref="securityFlowExecutionListener"/>
		</webflow:flow-execution-listeners>
	</webflow:flow-executor>

	<!-- The registry of executable flow definitions -->
	<webflow:flow-registry base-path="/WEB-INF/views" flow-builder-services="flowBuilderServices" id="flowRegistry">
		<webflow:flow-location-pattern value="/**/flow.xml"/>
	</webflow:flow-registry>

	<!-- Plugs in a custom creator for Web Flow views -->
	<webflow:flow-builder-services development="true" id="flowBuilderServices" validator="cmc_validator" view-factory-creator="mvcViewFactoryCreator"/>

	<bean class="org.springframework.webflow.mvc.builder.MvcViewFactoryCreator" id="mvcViewFactoryCreator">
		<property name="viewResolvers" ref="tilesViewResolver"/>
	</bean>
	<bean class="org.springframework.web.servlet.handler.ConversionServiceExposingInterceptor" id="conversionServiceExposingInterceptor">
		<constructor-arg ref="conversionService"/>
	</bean>
</beans>
Security context (META-INF/spring/applicetionContext-security)
HTML Code:
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:util="http://www.springframework.org/schema/util"
	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd">
	
        <!-- UserDetailsService, PasswordEncoder, SaltSource and other beans related to authentication mechanism -->

	<global-method-security pre-post-annotations="enabled" mode="aspectj">
		<expression-handler ref="expressionHandler"/>
	</global-method-security>

	<beans:bean id="expressionHandler"
		class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
		<beans:property name="permissionEvaluator">
			<beans:bean class="it.cmc.security.acl.AclPermissionEvaluator" />
		</beans:property>
	</beans:bean>

</beans:beans>
What am I doing wrong?

Thanks,
Stefano