@Secured() is there any statement show on log...?

Question

i annotated a bean class with @Secured and when i call the bean, there is no security exception throw even when no user login yet. i trying to debug it. my question is when we annotate a method/class with @Secured, when spring app start, is there any statement printed on log....?

i already put below log bean in appcontext.xml

<bean class="org.springframework.security.event.authentication.LoggerListener"/><bean class="org.springframework.security.event.authorization.LoggerListener"/>

can anyone tell me what statement should i aware when reading the log to check whether my method is protected by @Secured ?

Answer 1

If you have Spring Security setup correctly you should see quite a few lines in your log file telling you that the 'SpringSecurityFilterChain' has been setup correctly. Do you see these? My guess is your config is not correct - I believe I answered this question in a previous post.

Looking at your log here is your issue:

Security interception not required for public secure object: FilterInvocation: URL: /testapplication.html

Pastebin your entire security configuration, it seems you are not correctly specificying which parts of your application (URLs) are supposed to be protected. Spring Security thinks your entire application is open.