Showcase project is attached.
See showcase.controller.AdminController. This class is annotated by custom annotation showcase.security.IsAdmin.
In the class method "secureInfo" has the same annotation.
On welcome screen of the launched application. Press link "TYPE level annotation (Admin)". No auth prompt will be shown.
Go back to welcome screen and press "METHOD level annotation (Admin)". You'll see the prompt. Type in login "user", password "1".
You'll see "Access Denied". Go back to welcome page. Press "TYPE level annotation (Admin)" no check will be done.
The same thing with service interface showcase.service.SecureService annotated at TYPE and METHOD levels.