What’s the difference between @Secured and @PreAuthorize in spring security 3?

by

The real difference is that @PreAuthorize can work with Spring Expression Language (SpEL). You can:

  • Access methods and properties of SecurityExpressionRoot.

  • Access method arguments (requires compilation with debug info or custom ParameterNameDiscoverer):

    @PreAuthorize("#contact.name == principal.name")
public void doSomething(Contact contact)
  • (Advanced feature) Add your own methods (override MethodSecurityExpressionHandler and set it as <global-method-security><expression-handler ... /></...>).

More Related Contents:

  1. Spring boot Security Disable security
  2. How to dynamically decide access attribute value in Spring Security?
  3. Java Spring Security config – multiple authentication providers
  4. Standalone Spring OAuth2 JWT Authorization Server + CORS
  5. Spring Security: how to exclude certain resources?
  6. Feign and Spring Security 5 – Client Credentials
  7. Multiple roles using @PreAuthorize
  8. Spring security 3.1.4 and ShaPasswordEncoder deprecation
  9. Multiple Authentication Providers in Spring Security
  10. Springboot Security hasRole not working
  11. Can Spring Security use @PreAuthorize on Spring controllers methods?
  12. Spring Boot CORS filter – CORS preflight channel did not succeed
  13. Spring Security redirect to previous page after successful login
  14. How can I have list of all users logged in (via spring security) my web application
  15. Spring Security exclude url patterns in security annotation configurartion
  16. Spring Security 3.2 CSRF support for multipart requests
  17. Spring CSRF token does not work, when the request to be sent is a multipart request
  18. Spring Security and JSON Authentication
  19. How can I use Spring Security without sessions?
  20. How to get the current logged in user object from spring security?
  21. Customize authentication failure response in Spring Security using AuthenticationFailureHandler
  22. Spring Security with roles and permissions
  23. Spring security does not allow CSS or JS resources to be loaded
  24. how to display custom error message in jsp for spring security auth exception
  25. Spring security’s SecurityContextHolder: session or request bound?
  26. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  27. My Application Could not open ServletContext resource
  28. Spring Social Authentication Filter for Stateless REST Endpoints which use Facebook Token for authentication
  29. How do I add method based security to a Spring Boot project?
  30. I can’t update my webapp to Spring Boot 2.6.0 (2.5.7 works but 2.6.0 doesn’t)

Leave a Comment