Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL
Help

Chapter 9. Securing Spring > Securing methods - Pg. 246

246 C HAPTER 9 Securing Spring Up until now we've been mostly focused on securing web requests. Since Spring Secu- rity is often used to secure web applications, it tends to be forgotten that it can also be used to secure method invocations. Let's look at Spring Security's support for method- level security. 9.5 Securing methods As I've hinted at before, security is an aspect-oriented concept. And Spring AOP is the basis for method-level security in Spring Security. But for the most part you'll never need to deal with Spring Security's aspects directly. All of the AOP involved in securing methods is packed into a single element: <global-method-security> . Here's a com- mon way of using <global-method-security> . <global-method-security secured-annotations="enabled" /> This sets up Spring Security for securing methods that are annotated with Spring Security's own @Secured annotation. This is just one of four ways that Spring Security supports method-level security: Methods annotated with @Secured Methods annotated with JSR - 250 's @RolesAllowed Methods annotated with Spring's pre- and post-invocation annotations