Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1278: Location of <global-method-security> #1506

spring-issuemaster opened this Issue Oct 26, 2009 · 2 comments


None yet
1 participant

Hauke Rabe (Migrated from SEC-1278) said:

The configuration of is commented in the spring security documentation and is always placed in a security-context configuration.

But in a enviroment with different contextes which can be dynamically like a rest-context which is defined over a servlet-mapping the location must be in the rest-context instead of security-context.

Document where to place the in dynamically enviroments or support the config in the security-context.

Luke Taylor said:

There's nothing special about where you place . The normal rules for Spring application (parent and child) contexts apply, and there is no such thing as a "security-context" configuration. You can define your Spring Security beans in any part of the main application context - there is nothing special about them.

I'm assuming this is basically the same issue as this FAQ:


i.e. the web context is normally a child context and hence not visible to the main application context.

@spring-issuemaster spring-issuemaster added this to the 3.0.0.RC2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment