2014-03-30

Spring Security: authorization on controller methods, part 2

In my previous post I showed a method to apply authorization rules to controller methods using annotations without moving <global-method-security> or @EnableGlobalMethodSecurity to web application context. My solution was something between web security and global method security. It operated on HTTP request level (just like web security), but it was configured by annotations (like global method security).

I improved my code from previous post, so it integrates with Spring Security better, and I packaged it as a library (spring-security-controller-auth). In this post I would like to describe this library.