Custom AccessDecisionVoters in Spring Security 1. Introduction Most of the time when securing a Spring Web application or a REST API, the tools provided by Spring Security are more than enough, but sometimes we are looking for a more specific behavior. In this tutorial, we’ll write a custom AccessDecisionVoter and… Continue Reading spring-security-custom-voter

A Custom Security Expression with Spring Security 1. Overview In this tutorial, we’ll focus on creating a custom security expression with Spring Security. Sometimes, the expressions available in the framework are simply not expressive enough. And, in these cases, it’s relatively simple to build up a new expression that is… Continue Reading spring-security-create-new-custom-security-expression

Spring Security – Roles and Privileges 1. Overview This article continues the Registration with Spring Security series with a look at how to properly implement Roles and Privileges.… Continue Reading role-and-privilege-for-spring-security-registration

Granted Authority Versus Role in Spring Security 1. Overview In this quick article, we’ll explain the subtle but significant difference between a Role and a GrantedAuthority in Spring Security. For more detailed information on roles and authorities, see the article here.… Continue Reading spring-security-granted-authority-vs-role

Intro to Spring Security Expressions 1. Introduction In this tutorial we’ll focus on Spring Security Expressions, and of course on practical examples with these expressions. Before looking at more complex implementations (such as ACL), it’s important to have a solid grasp on security expressions – as they can be quite… Continue Reading spring-security-expressions

Spring Security Expressions – hasRole Example 1. Overview Spring Security provides a large variety of Expressions, using the powerful Spring Expression Language (SpEL). Most of these security expressions are evaluated against a contextual object – the currently authenticated principal. The evaluation of these expressions is performed by the SecurityExpressionRoot –… Continue Reading spring-security-expressions-basic

Spring Security – @PreFilter and @PostFilter 1. Overview In this article, we’ll learn how to use the @PreFilter and @PostFilter annotations to secure operations in a Spring application. When used together with the authenticated principal information, @PreFilter and @PostFilter allow us to define fine-grained security rules using Spring Expression Language.… Continue Reading spring-security-prefilter-postfilter

Introduction to Spring Method Security 1. Introduction Simply put, Spring Security supports authorization semantics at the method level. Typically, we could secure our service layer by, for example, restricting which roles are able to execute a particular method – and test it using dedicated method-level security test support. In this… Continue Reading spring-security-method-security