SEC-2150: Annotating at class level does not protected Spring Data Repositories methods that are not overriden #2339

spring-issuemaster opened this Issue Mar 15, 2013 · 2 comments

2 participants


Rob Winch (Migrated from SEC-2150) said:

When annotating an interface at the class level (rather than the method level), only the methods defined on the interface are protected. This makes sense, but is inconvenient when working with Something like Spring Data. It would be nice if one could apply the annotation to super interfaces (or a subset of interfaces)


Rob Winch said:

Both the PreAuthorize & Secured annotations should now work. The JSR annotations will not work since JSR-256 states that the annotations have no impact on interfaces.


Eric Sirianni said:

This JIRA seems to imply that method-level security annotations on Spring Data Repositories should work. However, I'm getting errors when trying apply them -- please see DATAJPA-694. Rob - do you have any thoughts?

@spring-issuemaster spring-issuemaster added this to the 4.0.0.RC1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment