In this tutorial, we'll look at two methods for implementing authentication and authorization in Spring Boot using Spring Security. The first overrides the default settings on the HttpSecurity object by extending WebSecurityConfigurerAdapter and using the fluent API. The second, which is also the main focus of this tutorial, is method-level security, which uses the @PreAuthorize annotation on controller methods.

Let's take a look at HttpSecurity first. This method is universal and is applied to all requests. The endpoint pattern matching and fluent API exposed by HttpSecurity are great for building universal authentication policies. This is also where implementation options such as OAuth 2.0, Form Login, and HTTP Basic are exposed.
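
The two approaches side by side, as an added example that is not code from the original tutorial. It assumes Spring Security 5.x (WebSecurityConfigurerAdapter was deprecated in 5.7 and removed in 6.0); SecurityConfig, ReportController, the paths and the ADMIN role are hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Method 1: request-level rules on HttpSecurity (hypothetical paths and role).
@Configuration
@EnableWebSecurity
// Method 2 depends on this: without prePostEnabled = true,
// @PreAuthorize annotations are ignored and the method stays open
// to any caller who passes the request-level rules.
@EnableGlobalMethodSecurity(prePostEnabled = true)
class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Matchers are evaluated in order and the first match wins,
                // so specific rules must come before the catch-all.
                .antMatchers("/", "/public/**").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                // Default-deny for anonymous users on everything else.
                .anyRequest().authenticated()
                .and()
            // The authentication mechanism is chosen here as well;
            // formLogin() or oauth2Login() would go in the same place.
            .httpBasic();
    }
}

// Method 2: method-level rule on a controller (hypothetical endpoint).
@RestController
class ReportController {

    // /reports only requires authentication at the request level;
    // the annotation narrows it to users holding ROLE_ADMIN.
    @GetMapping("/reports")
    @PreAuthorize("hasRole('ADMIN')")
    public String reports() {
        return "reports";
    }
}
```

An authenticated user without the ADMIN role passes the HttpSecurity rules for /reports but is rejected by the @PreAuthorize check with a 403.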