InterviewSolution
Saved Bookmarks
InterviewSolution
| 1. |
What is method security and why do we need it? |
|
Answer» Simply put, SPRING method security lets us add or support authorization at the method level. Spring security checks the authorization of the logged-in user in addition to authentication. Upon login, the ROLE of the user is USED to determine which user is authorized to access the resource. When creating a new user in WebSecurityConfig, we can SPECIFY his ROLE as well. A security measure applied to a method prevents unauthorized users and only allows authentic users. The purpose of method level security is not to facilitate users who have access but to prevent unauthorized users from performing activities beyond their privileges and roles. Method level security is IMPLEMENTED using AOP (Aspect-Oriented Programming). |
|