Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1204: MethodSecurityInterceptor doesn't secure implemented interfaces #1449

spring-issuemaster opened this Issue Jul 21, 2009 · 3 comments


None yet
1 participant

Dan Diephouse (Migrated from SEC-1204) said:

For two examples out there in the community:


This is a regression from Acegi.

Luke Taylor said:

Have you tried it with class-proxying disabled? It should work with either the interface or the class name.

For example, with the following configuration

securityInterceptor target org.springframework.security.ITargetObject.makeLower_=ROLE_A org.springframework.security.TargetObject.makeUpper_=ROLE_A org.springframework.security.ITargetObject.computeHashCode*=ROLE_B

Then calling both the makeLower and makeUpper methods on the "target" object (with no security context) results in an AuthenticationException, indicating that the interceptor is applied.

Luke Taylor said:

Any further input? If not I will close the issue.

Luke Taylor said:

No feedback in over a month, so closing the issue. The general statement that interface proxying isn't supported by MethodSecurityInterceptor is clearly inaccurate since we have tests in place which do just this. If more specific issues can be isolated then please raise them individually.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 RC1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment