Hi all, I was wondering if there is already a way to define web level security by using annotations when using Spring Security. What I'd like to do is to move the rule inside the <http> Container in security.xml into the Controller Classes by using annotations. As it's possible for method level security it should be possible for web level security also or is there a problem I don't see.
I think it would make the application much easier to manage, as security.xml would only hold basic configuration (and maybe a default security policy e.g. require ROLE_USER by default for every page unless otherwise specified by annotations). -- Michael Dürgner
