Rob Winch (Migrated from SEC-2150) said:
When annotating an interface at the class level (rather than the method level), only the methods defined on the interface are protected. This makes sense, but is inconvenient when working with Something like Spring Data. It would be nice if one could apply the annotation to super interfaces (or a subset of interfaces)
Rob Winch said:
Both the PreAuthorize & Secured annotations should now work. The JSR annotations will not work since JSR-256 states that the annotations have no impact on interfaces.
Eric Sirianni said:
This JIRA seems to imply that method-level security annotations on Spring Data Repositories should work. However, I'm getting errors when trying apply them -- please see DATAJPA-694. Rob - do you have any thoughts?