If spring webmvc controllers are written in groovy rather than Java the controller mapping is lost when using a @PreAuthorize annotation on a controller method with @EnableGlobalMethodSecurity switched on.
The problem seems to be related to SPR-6268, which is a (now fixed) bug that prevented groovy controllers working at all.
The problem can be resolved with 'proxyTargetClass=true', which was also the solution in SPR-6268, where this was made the default.
Presumably part of the groovy compilation magic involves adding interfaces to classes at compile time which is causing the proxy generation to become interface based breaking AnnotationUtils.
If this is not an easy fix, it might be a good idea to include this in the documentation somewhere because it took me quite a long time to track it down. Not sure how many groovy + spring mvc + spring security people are out there, but I can't be the only one :).
The text was updated successfully, but these errors were encountered: