Do you have the statement

你有声明吗

<global-method-security   secured-annotations="enabled" jsr250-annotations="enabled" />

in the same configuration file as the one you defined the MyServiceManager bean? I had the same problem until I turned on debug for org.springframework, and noticed that spring security was only applied on the same file as the ones where global-method-security was defined in.

在与您定义 MyServiceManager bean 相同的配置文件中？在我为 org.springframework 打开调试之前，我遇到了同样的问题，并注意到 spring 安全性仅应用于与定义 global-method-security 的文件相同的文件。

In my case, the exact location of this statement:

就我而言，此语句的确切位置：

<global-method-security secured-annotations="enabled" >

proved to be very important. Make sure that you put it afteryou declare which classes should be scanned and used as controllers.

被证明是非常重要的。确保在声明应扫描哪些类并将其用作控制器之后放置它。

<context:component-scan base-package="com.test.controller" />

This is the way to make sure that the @Secured annotations will also get into the game

这是确保@Secured 注释也会进入游戏的方法

After doing more research on this problem I came to the following conclusion/solution. I'm not sure if it's 100% correct..but it works.

在对这个问题做了更多研究之后，我得出了以下结论/解决方案。我不确定它是否 100% 正确..但它有效。

I put all of my configuration in the dispatcher-servlet.xml file. So instead of having a disptacher-servlet.xml and application-context.xml. The dispatcher-servlet.xml is loaded by the application (contextConfigLocation). Within the dispatcher-servlet.xml I import my security-context.xml and datasource-context.xml. Afer that, everything works.

我将所有配置放在 dispatcher-servlet.xml 文件中。所以，而不是有一个 disptacher-servlet.xml 和 application-context.xml。dispatcher-servlet.xml 由应用程序 (contextConfigLocation) 加载。在 dispatcher-servlet.xml 中，我导入了 security-context.xml 和 datasource-context.xml。之后，一切正常。

I had this same problem. Using the information from Kent Lai's reply here, I was able to fix it.

我有同样的问题。使用 Kent Lai 在这里的回复中的信息，我能够修复它。

I put the <global-method-security>element in my app-servlet.xmlbut kept the security definitions separate in security.xml, where web.xmlhas contextConfigLocationfor app-servlet.xmland security.xml.

我将<global-method-security>元素放在 my 中，app-servlet.xml但将安全定义分开security.xml，其中web.xml有contextConfigLocationforapp-servlet.xml和security.xml。

Works like a charm now!

现在就像一个魅力！

Did you use something like this in your web.xml

你有没有在你的 web.xml 中使用过这样的东西

<servlet>
    <servlet-name>name</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/webmvc-config.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

I'm not sure why, but if I use the DispatcherServlet I was not able to enforce Security annotations

我不知道为什么，但是如果我使用 DispatcherServlet 我就不能强制执行安全注释

Try putting the annotations on the implementation class instead of the interface and see if that works. I ended up doing that on a recent project because I was also using the @Transactional attribute on my service layer, and the Spring docs recommend putting those on the class and not the interface. I don't know if the same issue might apply to @Secured, but I wanted to keep the annotations in the same place. See the Spring Docs

尝试将注释放在实现类而不是接口上，看看是否有效。我最终在最近的一个项目中这样做了，因为我也在我的服务层上使用了 @Transactional 属性，并且 Spring 文档建议将它们放在类上而不是接口上。我不知道同样的问题是否适用于 @Secured，但我想将注释保留在同一个地方。查看Spring 文档

Regarding Kent Lai's answer...that is a good idea...make sure that your security config file is actually being included by Spring.

关于 Kent Lai 的回答……这是个好主意……确保您的安全配置文件实际上已被 Spring 包含在内。

I had this same problem. After I added:

我有同样的问题。在我添加后：

<context:annotation-config />

in my spring-security.xml file it disappeared.

在我的 spring-security.xml 文件中它消失了。

Hope this will help someone :)

希望这会帮助某人:)