spring not enforcing method security annotations

Question

I\'m some what lost as to why spring isn\'t enforcing the @Secured(\"ROLE_USER\") on my service interface. My controllers are established using annotations.

An exam

Answer 1

Try putting the annotations on the implementation class instead of the interface and see if that works. I ended up doing that on a recent project because I was also using the @Transactional attribute on my service layer, and the Spring docs recommend putting those on the class and not the interface. I don't know if the same issue might apply to @Secured, but I wanted to keep the annotations in the same place. See the Spring Docs

Regarding Kent Lai's answer...that is a good idea...make sure that your security config file is actually being included by Spring.