@EnableGlobalMethodSecurity vs @EnableWebSecurity

spring rest spring-security spring-boot
38,910

EnableWebSecurity will provide configuration via HttpSecurity. It's the configuration you could find with <http></http> tag in xml configuration, it allows you to configure your access based on urls patterns, the authentication endpoints, handlers etc...

EnableGlobalMethodSecurity provides AOP security on methods. Some of the annotations that it provides are PreAuthorize, PostAuthorize. It also has support for JSR-250. There are more parameters in the configuration for you

For your needs, it's better to mix the two. With REST you can achieve everything you need only by using @EnableWebSecurity since HttpSecurity#antMatchers(HttpMethod,String...) accepts control over Http methods

Share:
38,910
Christopher
Author by

Christopher

Updated on February 26, 2021

Comments

  • Christopher
    Christopher about 3 years

    I am developing a REST API using Spring 4. I would like to secure some of the endpoints using Spring Security, but based on what I've read this can be done with either @EnableGlobalMethodSecurity or @EnableWebSecurity. Unfortunately, the documentation that I have found for these don't clearly explain what they do (or how they compare). If I want to secure a Spring REST API with authentication and authorization based on data and relationships declared in a standard relational database, what is the recommended method for achieving this in Spring 4?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Use AbstractAuthenticationProcessingFilter for multiple URLs
How to allow a User only access their own data in Spring Boot / Spring Security?
Spring Security: mapping OAuth2 claims with roles to secure Resource Server endpoints
How to enable CORS at Spring Security level in Spring boot
Spring Boot/Spring Security AuthenticationEntryPoint not getting executed
Custom WebSecurityConfigurerAdapter
This application has no explicit mapping for /error, so you are seeing this as a fallback. Thymeleaf parsing exception in spring boot
Spring Boot controller not responding to POST request
Spring boot REST token authorization and authentication best practices
Connect multiple authentication mechanisms Spring Boot Security