我如何告诉Spring我是某个具有某些权限的用户，然后使用该用户访问@Secured方法？

Question

鉴于以下用户：

  <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <user-service>
                <user name="dev" password="devpass" authorities="DEV" />
                <user name="user" password="userpass" authorities="USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

我想成为'用户'，然后访问安全方法

  @Secured("DEV")
  public void devOnly() {
    // .. dev stuff
  }

到目前为止，我已经尝试了很多东西，无法让@Secured抛出AccessDeniedException

编辑：添加了配置文件

的web.xml

<?xml version="1.0" encoding="UTF-8"?>
   <web-app id="WebApp_ID" version="2.5"
         xmlns="http://www.java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://www.java.sun.com/xml/ns/javaee
         http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">



<display-name>Spring MVC Application</display-name>

<!-- Spring MVC -->
<servlet>
    <servlet-name>mvc-dispatcher</servlet-name>
    <servlet-class>
        org.springframework.web.servlet.DispatcherServlet
    </servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            classpath:/mvc-dispatcher-servlet.xml
        </param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<listener>
    <listener-class>
        org.springframework.web.context.ContextLoaderListener
    </listener-class>
</listener>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        classpath:/mvc-dispatcher-servlet.xml
        classpath:/spring-security.xml
    </param-value>
</context-param>

<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

弹簧security.xml文件

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<global-method-security secured-annotations="enabled" />

<http auto-config="true">
    <form-login/>
    <http-basic/>
    <!--<intercept-url pattern="/welcome*" access="ROLE_USER" />-->
</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="admin" password="password" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
</authentication-manager>

MVC-调度-servlet.xml中

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="
    http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context-3.0.xsd">

<context:component-scan base-package="com.rodly.testapp" />

<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix">
        <value>/WEB-INF/frontend/</value>
    </property>

    <property name="suffix">
        <value>.jsp</value>
    </property>
</bean>