Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Spring MVC Integration with Spring Security's @PreAuthorize Annotation
Branch: master
Fetching latest commit...
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
src/main Fixed comment Update
pom.xml Added sample maven managed web project


Spring MVC Integration with Spring Security's @PreAuthorize Annotation

Read the introductory post on our blog:

This is a sample web project with a few extended Spring MVC classes demonstrating how to integrate Spring Security's @PreAuthorize annotation into Spring MVC's request routing mechanism:

public String authenticatedHomePage() {
    return "authenticatedHomePage";

public String homePage() {
    return "homePage";

Normally, the code above would not work in Spring MVC because there's a duplicate mapping. Using this project, Spring MVC will route a request for "/" to authenticatedHomePage() if the user is authenticated. Otherwise it will go to homePage().

Within an expression, you can reference hasPermission(), authentication, principal, and, depending on the SecurityExpressionHandler in use, request. You can also reference any path variables defined in the @RequestMapping annotation:

@PreAuthorized(" == #name")
public String securePage() {
    return "securePage";

Finally, if a handler is matched for a request based on the @RequestMapping specification but fails the security expression (and there are no other suitable handlers), an AccessDeniedException is thrown for Spring Security's ExceptionTranslationFilter to deal with as it sees fit.

Something went wrong with that request. Please try again.