Spring Security Annotation

I have spent quite a bit of time on this, Google searches, forum searches, and my own lacking ingenuity. While it seems to have been brought up several times in the past, few have received solid answers, and none of those answers seem to work for me.

Here is my scenario:

User logs in, validated by Spring Security. Upon validation, DPTApplication is called, mapped to the default /app url. The DPTApplication class extends BaseApplication and implements UserChangeListenerinstantiates. The BaseApplication class extends Application and implements HttpServletRequestListener; all of this is taken to replicate the SpringApplication example on the Vaadin svn.

DPTApplication instantiates a new window of the Menu class and sets it as the main window. The Menu class extends Window and implements FooModelListener. Among other things, the Menu class adds a Button component to the window, along with a ClickEvent listener. When the button is clicked, a method in another class, FooServiceImpl, is called. This called method is preceded by the annotation @Secured(“ROLE_ADMIN”) in the style of Spring Security, with the intention of making the button only function if the user is logged in as an administrator.

However, currently, the button works regardless of how you are logged in. I have mocked the @Autowire annotation in the Menu class as follows:

private FooServiceImpl fooService= (FooServiceImpl) SpringContextHelper.getInstance().getBean( "fooServiceImpl" );

I am pretty sure that this is working as I would expect it to, as there is a distinct lack of NullPointerExceptions when I try to do stuff with the resulting variable. FooServiceImpl implements the FooService class, which, itself, is essentially a blank interface, both having been taken almost straight from the SpringApplication example program. Currently, all the button does is print out the words “Security cleared” to the console, rather than any of the methods of the example.

public class FooServiceImpl implements FooService {
	private final static Log logger = LogFactory.getLog(FooServiceImpl.class);
	private EntityManager em;

	public void saveFoo(Foo foo) {
		System.out.println("Security Cleared");

Again, I wish for that @Secured annotation in the FooServiceImpl class to function, so that the text will only be printed if an administrator clicks it.

I have spent days examining the
example, so I know, I
, that what I want to do is possible, but I have as of yet been completely unable to replicate it. I feel that there must be some very basic thing, some key to this mystery, that I have overlooked in my efforts. Any help that could be offered would be much appreciated, and I will provide as much information as I can if more is needed, though I tried to get down all of what I considered relevant here in this post.