Spring Security

  1. Authorization and Access Control
    1. Declarative Authorization
      1. Configuration via Java
        1. Configuration via Annotations
          1. Advantages and Limitations
          2. Request-Based Authorization
            1. Configuring `HttpSecurity`
              1. Defining Authorization Rules
                1. Chaining Configuration Methods
                  1. Rule Ordering and Precedence
                  2. Using `requestMatchers`
                    1. Matching by Path
                      1. Matching by HTTP Method
                        1. Matching by Request Parameters
                          1. Matching by Headers
                          2. Ant Matchers vs. MVC Matchers
                            1. Ant Pattern Syntax
                              1. MVC Pattern Syntax
                                1. Use Cases for Each
                                  1. Performance Considerations
                                  2. Spring Expression Language (SpEL) in Authorization Rules
                                    1. SpEL Syntax and Capabilities
                                      1. Custom Expressions
                                        1. Built-in Security Expressions
                                          1. `hasRole()`
                                            1. `hasAuthority()`
                                              1. `hasAnyRole()`
                                                1. `hasAnyAuthority()`
                                                  1. `permitAll()`
                                                    1. `denyAll()`
                                                      1. `isAuthenticated()`
                                                        1. `isAnonymous()`
                                                          1. `isFullyAuthenticated()`
                                                            1. `hasPermission()`
                                                        2. Method-Level Security
                                                          1. Enabling Global Method Security
                                                            1. Configuration Options
                                                              1. Pre/Post Annotations Support
                                                                1. JSR-250 Annotations Support
                                                                  1. Secured Annotations Support
                                                                  2. JSR-250 Annotations
                                                                    1. `@RolesAllowed`
                                                                      1. Usage and Configuration
                                                                        1. Limitations
                                                                        2. `@PermitAll`
                                                                          1. `@DenyAll`
                                                                          2. Spring Security Annotations
                                                                            1. `@PreAuthorize`
                                                                              1. SpEL Expressions in Pre-Authorization
                                                                                1. Method Parameter Access
                                                                                  1. Return Value Access
                                                                                  2. `@PostAuthorize`
                                                                                    1. Post-Execution Authorization
                                                                                      1. Return Value Filtering
                                                                                      2. `@PreFilter`
                                                                                        1. Filtering Input Collections
                                                                                          1. Filter Target Configuration
                                                                                          2. `@PostFilter`
                                                                                            1. Filtering Output Collections
                                                                                              1. Collection Element Access
                                                                                            2. Method Security Configuration
                                                                                              1. Global Method Security Configuration
                                                                                                1. Custom Permission Evaluators
                                                                                                  1. Method Security Interceptor
                                                                                                2. Access Control Lists (ACLs) for Domain Objects
                                                                                                  1. Introduction to ACLs
                                                                                                    1. Object-Level Security Concepts
                                                                                                      1. Use Cases for ACLs
                                                                                                        1. ACL vs. Role-Based Security
                                                                                                        2. Core ACL Architecture
                                                                                                          1. ACL Database Schema
                                                                                                            1. ACL Class Table
                                                                                                              1. ACL Object Identity Table
                                                                                                                1. ACL Entry Table
                                                                                                                  1. ACL SID Table
                                                                                                                  2. Key Interfaces
                                                                                                                    1. `AclService`
                                                                                                                      1. `Acl`
                                                                                                                        1. `Sid`
                                                                                                                          1. `Permission`
                                                                                                                            1. `ObjectIdentity`
                                                                                                                          2. Implementation and Configuration
                                                                                                                            1. Setting Up ACL Tables
                                                                                                                              1. Configuring ACL Services
                                                                                                                                1. Managing ACL Entries
                                                                                                                                  1. ACL Caching
                                                                                                                                    1. Custom ACL Implementations

                                                                                                                                Previous

                                                                                                                                3. Authentication Mechanisms

                                                                                                                                Go to top

                                                                                                                                Next

                                                                                                                                5. Web Security Configuration