Why is my custom PermissionEvaluator not called?

I am struggling with my Spring Security configuration, which I have not been able to get working so far. I don't know why my custom PermissionEvaluator is not called, and the @PreAuthorize annotation using the hasPermission expression is ignored.

I am using Spring 4.2.4 and Spring Security 4.1.0.

This is my code:

Web security configuration

    @Configuration
    @EnableWebSecurity
    public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http //
                .addFilterBefore(wafflePreAuthFilter(), AbstractPreAuthenticatedProcessingFilter.class) //
                .authenticationProvider(preauthAuthProvider()) //
                .csrf().disable() //
                .authorizeRequests() //
                .antMatchers("/ui/**").authenticated() //
                .anyRequest().permitAll();
        }

        @Bean
        public WafflePreAuthFilter wafflePreAuthFilter() throws Exception {
            WafflePreAuthFilter filter = new WafflePreAuthFilter();
            filter.setAuthenticationManager(authenticationManager());
            return filter;
        }

        @Bean
        public PreAuthenticatedAuthenticationProvider preauthAuthProvider() {
            PreAuthenticatedAuthenticationProvider preauthAuthProvider = new PreAuthenticatedAuthenticationProvider();
            preauthAuthProvider.setPreAuthenticatedUserDetailsService(userDetailsServiceWrapper());
            return preauthAuthProvider;
        }

        @Bean
        public UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> userDetailsServiceWrapper() {
            UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> wrapper =
                    new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>();
            wrapper.setUserDetailsService(myUserDetailsService());
            return wrapper;
        }

        @Bean
        public UserDetailsService myUserDetailsService() {
            return new myUserDetailsService();
        }
    }

Method security configuration

    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)
    public class MyServiceMethodSecurityConfig extends GlobalMethodSecurityConfiguration {

        @Bean
        public PermissionEvaluator myPermissionEvaluator() {
            return new DcePermissionEvaluator();
        }

        @Override
        public MethodSecurityExpressionHandler createExpressionHandler() {
            DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
            expressionHandler.setPermissionEvaluator(myPermissionEvaluator());
            return expressionHandler;
        }
    }

PermissionEvaluator

    public class MyPermissionEvaluator implements PermissionEvaluator {

        @Autowired
        private MyService myAutowiredService;

        @Override
        public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
            // checking permissions
            return true;
        }

        @Override
        public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
                Object permission) {
            // checking permissions
            return true;
        }
    }

Can anyone give me a hint on what to do?

By the way, if I change MyServiceMethodSecurityConfig to this, then myPermissionEvaluator is processed, but the dependency injection does not work, since it is not managed by Spring:

    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = false)
    public class MyServiceMethodSecurityConfig extends GlobalMethodSecurityConfiguration {

        @Override
        public MethodSecurityExpressionHandler createExpressionHandler() {
            DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
            expressionHandler.setPermissionEvaluator(new DcePermissionEvaluator());
            return expressionHandler;
        }
    }
+5
1 answer

I ran into this problem. This is apparently caused by the @EnableGlobalMethodSecurity annotation being set in several places.

As soon as I removed it from the places other than the one above, my implementation of GlobalMethodSecurityConfiguration began to work as expected.

+3
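
One way to catch the condition described in the answer above at startup, as an added example that is not part of the original post or of Spring Security: the hypothetical class `MethodSecurityConfigGuard` lists every bean whose class carries `@EnableGlobalMethodSecurity`, in the refreshed context and its parents, and aborts startup when it finds more than one. It assumes the guard is picked up by component scanning and that a single annotated configuration class is what the application intends.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.stereotype.Component;

// Hypothetical startup guard; the class and method names are illustrative only.
@Component
public class MethodSecurityConfigGuard implements ApplicationListener<ContextRefreshedEvent> {

    // Collects the names of all beans whose class carries @EnableGlobalMethodSecurity,
    // looking at the given context and at every parent context above it.
    static List<String> findEnablers(ApplicationContext ctx) {
        List<String> names = new ArrayList<String>();
        for (ApplicationContext c = ctx; c != null; c = c.getParent()) {
            names.addAll(Arrays.asList(
                    c.getBeanNamesForAnnotation(EnableGlobalMethodSecurity.class)));
        }
        return names;
    }

    @Override
    public void onApplicationEvent(ContextRefreshedEvent event) {
        List<String> enablers = findEnablers(event.getApplicationContext());
        if (enablers.size() > 1) {
            // Throwing here makes refresh() fail, so the application does not start
            // with method security configured in more than one place.
            throw new IllegalStateException(
                    "@EnableGlobalMethodSecurity found on " + enablers.size()
                    + " beans " + enablers + "; keep it only on the "
                    + "GlobalMethodSecurityConfiguration subclass");
        }
    }
}
```

The exception message names the offending beans, which points directly at the configuration classes to clean up.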