I am currently working on securing a web application using spring-security 3.0. I have gotten most of my issues figured out but I am trying to gain a better understanding of exactly what I am doing (copy and paste FTL).

I watched this video in which he stated that the @Secured should not be used anymore except for certain situations. He also shows a list of annotations and methods that can be used (around 44:50) but doesnt explain them. He simply shows them being used. So I took a look through the documentation and found this. So I add the required code to my xml file, and I try @PreAuthorize("hasAuthority('ROLE_ADMIN')") and it doesn’t work. I then realize that hasAuthority is not a method (thank you documentation for confusing me). I change it to @PreAuthorize("hasRole('ROLE_ADMIN')") and VOILA, it works.

Now, I’m wondering (other then why is the documentation wrong) where can I find more information on the pre-post-annotation types and methods that were so nicely listed in the presentation? I tried the Google but maybe I’m searching for the wrong terms. Also, JSR250 annotations were mentioned as being the proper ones to use but I have found no information on this either. Is my google broken or am I simply looking in the wrong places?