Home/ Questions/Q 8796391
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T23:36:43+00:00

I want to apply method level security in my web app so that only

  • 0

I want to apply method level security in my web app so that only authorized users can access those service layer methods.

There are two ways to implement this.

1) To annotate my service layer methods with @Secured annotation and in the dispatcher-servlet.xml file with configuration (<security:global-method-security secured-annotations="enabled" />).

But this would take a lot of time in my case as there are so many service class and methods already created so finding the methods and annotate them will not be a good way.

2) To define a point cut expression for methods level security that will automatically detect the methods having my custom annotation @SecuredAdmin in my services and secure them with the role ROLE_ADMIN.

In my case the option 1) is working very fine when I tried to test. And there is no issue. But when I tried the option 2) with following configuration I am not able to start my application.

<security:global-method-security>
        <security:protect-pointcut access="ROLE_ADMIN" expression="execution(@com.xxx.yyy.zzz.services.SecuredAdmin * *.*(..))"/>
    </security:global-method-security>

I am getting following exception when I tried to start my server.

java.lang.IllegalArgumentException: error annotation type patterns are only supported at Java 5 compliance level or above
    org.aspectj.weaver.tools.PointcutParser.parsePointcutExpression(PointcutParser.java:302)
    org.aspectj.weaver.tools.PointcutParser.parsePointcutExpression(PointcutParser.java:279)
    org.springframework.security.config.method.ProtectPointcutPostProcessor.postProcessBeforeInitialization(ProtectPointcutPostProcessor.java:94)
    org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:394)
    org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1448)
    org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
    org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
    org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
    org.springframework.context.support.AbstractApplicationContext.initMessageSource(AbstractApplicationContext.java:773)
    org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:452)
    org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:631)
    org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:588)
    org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645)
    org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508)
    org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
    org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
    javax.servlet.GenericServlet.init(GenericServlet.java:160)
    org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:333)
    org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:219)
    org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
    org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    java.lang.Thread.run(Unknown Source)

I have tried every possible way to change the code compliance level to 1.6 in both pom files and eclipse project properties.

I am using Spring-Security 3.0 and aspectj related libraries are as following.

spring-aop-3.1.0.RELEASE.jar

spring-aspects-3.1.0.RELEASE.jar

aspectjrt-1.6.5.jar

aspectjweaver-1.6.5.jar

Please help me in this regards. Ask me if you require any further information.

Thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You have to configure aspect weaver to use java 1.6 compliance level. Add something like that to your pom.xml in build plugins section.

    <plugin>
   <groupId>org.codehaus.mojo</groupId>
   <artifactId>aspectj-maven-plugin</artifactId>
   <version>1.4</version>
   <executions>
      <execution>
         <goals>
            <goal>compile</goal>
            <goal>test-compile</goal>
         </goals>
       </execution>
   </executions>
   <configuration>
      <source>1.6</source>
      <target>1.6</target>
      <encoding>UTF-8</encoding>
      <aspectLibraries>
         <aspectLibrary>
            <groupId>org.springframework</groupId>
            <artifactId>spring-aspects</artifactId>
         </aspectLibrary>
      </aspectLibraries>
   </configuration>
</plugin>
    • 0