Spring Security - annotations and UrlMap

I'm using spring-security-core and spring-security-ui plugins. I'd like to use annotation-driven access management.

After I installed ui plugin for managing users I faced with the problem when those pages are unsecured. I know how to restrict access to those pages only with UrlMap. But if I use map then annotations don't get taken into account.

So actually there are 2 question开发者_高级运维s: 1) How to restrict access to spring-security-ui pages/controller? 2) Is it possible to use both annotation based and UrlMap security configuration?

See section "5.1 Defining Secured Annotations" in the docs where it describes the controllerAnnotations.staticRules property. This is very similar to the URL map approach and lets you define access rules on static resources, controllers from other plugins, and other URLs that you can't (or shouldn't) annotate.