Spring Security 保护方法

我用spring security保护方法,但好像不起作用
这是我的spring-security的代码<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">   <security:http auto-config="true">
         <security:intercept-url pattern="/index.jsp" filters="none"/>
        <security:intercept-url pattern="*.swf" filters="none"/>
        <security:intercept-url pattern="*.html" access="ROLE_USER"/>
    </security:http>
    
    
     <security:authentication-provider user-service-ref="userDetailsService" />
<bean id="userDetailsService" class="com.mycompany.flex.security.UserDetailsServiceImpl" />

<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
    <ref local="daoAuthenticationProvider" /> 
</list>
</property>
</bean>

   <bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService" />
</bean>
<!-- access for method -->    <security:global-method-security>
        <security:protect-pointcut
            expression="execution( * com.mycompany.flex.sample.dao.*DAOImpl.search*(..))"
            access="ROLE_ADMIN_for"/>
    </security:global-method-security>
   <!-- <bean id="target" class="com.mycompany.flex.sample.dao.CustomerDAOImpl">
<security:intercept-methods>
<security:protect method="search*" access="ROLE_ADMIN_FOR" />
</security:intercept-methods>
</bean>
   -->
    
    <!--  <security:global-method-security secured-annotations="enabled" jsr250-annotations="enabled" /> -->    
    
<!-- access for method -->


<bean id="httpSessionIntegrationFilter"    
             class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
   
</beans>    我的web.xml里主要代码
     <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/classes/spring-security.xml
        </param-value>
    </context-param>        <filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
        
        <listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>在三种给方法设全县的方式中,只有annotations起作用,但要在代码里加东西。其余两种不起作用,不知道是为什么,哪为大侠能帮忙看看,谢谢了!!