I just found out that, in order to use specific annotations for Spring Security,
I should explicitly allow them in my config (applicationContext.xml).
Example:
<sec:global-method-security secured-annotations="enabled" />
<sec:global-method-security jsr250-annotations="enabled" />
...
What advantages do you see in the approach of explicitly declaring which annotations
are allowed in our framework-based application?
It looks like overconfiguration, doesn't it?
One possible benefit is that it allows Spring Security to throw an exception when the desired annotations are not present in the classpath (though it's mostly about JSR-250 annotations, since the other annotations are part of Spring Security itself).
Otherwise Spring Security would have to silently ignore the absence of annotations, which may lead to surprising behaviour.