Spring security: forcing https using annotations?

The spring security docs state (2.3.2):

If your application supports both HTTP and HTTPS, and you require that particular URLs can only be accessed over HTTPS, then this is directly supported using the requires-channel attribute on :

  <http>
    <intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
    <intercept-url pattern="/**" access="ROLE_USER" req开发者_高级运维uires-channel="any"/>
    ...
  </http>

But I'm using annotations on my controllers, not intercept-url elements.

• Can I enforce HTTPS selectively via annotations?
• Can I force HTTP for non-secure pages?

---

From the available docs, it appears that using only annotations it may not be possible to enforce channel security.

---

There are a number of examples that show how to use annotation with Spring Security

http://www.jroller.com/habuma/entry/method_level_security_in_spring

spring not enforcing method security annotations

I don't understand what you mean by forcing HTTP for non-secure pages. If it is non-secure, then it is HTTP already.