From:http://stackoverflow.com/questions/6632982/how-to-create-custom-methods-for-use-in-spring-security-expression-language-anno

None of the mentioned techniques will work anymore. It seems as though Spring has gone through great lengths to prevent users from overriding the SecurityExpressionRoot. Instead, create a bean like this:

@Component("mySecurityService")publicclassMySecurityService{publicboolean hasPermission(String key){returntrue;}}

Then do something like this in your jsp:

<sec:authorize access="@mySecurityService.hasPermission('special')"><input type="button" value="Special Button"/></sec:authorize>

Or annotate a method:

@PreAuthorize("@mySecurityService.hasPermission('special')")publicvoid doSpecialStuff(){...}

And remember: if you are using Spring and you have to solve a problem by extending classes, overriding methods, implementing interfaces, etc... then you're probably doing something wrong. It's all annotations and xml, that's why we love Spring so much and not (old versions of) EJB.