Felpfe Inc.

Security Annotations

Security is a critical aspect of any application, and Spring Boot provides powerful security features that can be easily integrated into your projects. In this section, we will explore the security annotations provided by Spring Boot and demonstrate how they can be used to secure your application.

1. @EnableWebSecurity
The `@EnableWebSecurity` annotation is used to enable the web security configuration in your Spring Boot application. It allows you to customize the security settings and apply security rules to protect your endpoints. Here’s an example:

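```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // …
}
```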

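In this example, the `SecurityConfig` class is annotated with `@Configuration` to indicate that it is a configuration class. The `@EnableWebSecurity` annotation enables the web security configuration, and extending `WebSecurityConfigurerAdapter` lets you override its `configure` methods to customize the security settings. Note that `WebSecurityConfigurerAdapter` was deprecated in Spring Security 5.7 and removed in 6.0; on those versions the same customization is done by declaring a `SecurityFilterChain` bean.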
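One way to write the endpoint rules on Spring Security 6, where a `SecurityFilterChain` bean takes the place of `WebSecurityConfigurerAdapter`. This is an added example, not code from the original article; the class name and the `/public/**` and `/admin/**` paths are assumptions chosen for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityFilterChainConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Hypothetical paths, chosen for illustration only.
                // Rules are evaluated in order, so specific matchers come first.
                .requestMatchers("/public/**").permitAll()
                .requestMatchers("/admin/**").hasRole("ADMIN")
                // Deny by default: anything not matched above requires a login
                .anyRequest().authenticated())
            // Browser login form plus HTTP Basic for API clients
            .formLogin(Customizer.withDefaults())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

Ending the rule list with `anyRequest().authenticated()` means an endpoint added later is protected even if nobody remembers to write a rule for it.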

2. @ConfigurationProperties
The `@ConfigurationProperties` annotation is used to bind external configuration properties to a Java class. It is commonly used in security configuration to externalize the security settings, such as usernames, passwords, and access rules. Here’s an example:

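```java
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;

@Configuration
@ConfigurationProperties(prefix = "security")
public class SecurityProperties {

    private String username;
    private String password;

    // Getters and setters (the setters are what property binding calls)
    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }

    // …
}
```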

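In this example, the `SecurityProperties` class is annotated with `@Configuration` to indicate that it is a configuration class. The `@ConfigurationProperties` annotation binds the properties with the prefix "security" to the corresponding fields in the class, so `security.username` is bound to `username` and `security.password` to `password`. Because the password now lives in external configuration, supply it from an environment variable or a secret store rather than from a properties file committed to source control.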

3. @EnableGlobalMethodSecurity
The `@EnableGlobalMethodSecurity` annotation is used to enable method-level security in your Spring Boot application. It allows you to apply security rules to specific methods or classes to restrict access based on user roles or permissions. Here’s an example:

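```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    // …
}
```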

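In this example, the `MethodSecurityConfig` class is annotated with `@Configuration` to indicate that it is a configuration class. The `@EnableGlobalMethodSecurity` annotation enables the global method security configuration, and `prePostEnabled = true` is what allows you to use method-level security annotations such as `@PreAuthorize` and `@PostAuthorize`. In Spring Security 6, `@EnableGlobalMethodSecurity` is deprecated in favor of `@EnableMethodSecurity`, which enables `@PreAuthorize` and `@PostAuthorize` by default.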

4. @PreAuthorize and @PostAuthorize
The `@PreAuthorize` and `@PostAuthorize` annotations are used to apply pre- and post-authorization checks to methods. They allow you to specify the security expressions that must be satisfied before or after the method execution. Here’s an example:

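```java
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;

@Service
public class UserService {

    @PreAuthorize("hasRole('ADMIN')")
    public void deleteUser(String userId) {
        // Delete user logic goes here
    }

    @PostAuthorize("returnObject.username == principal.username")
    public User getUser(String userId) {
        // Get user logic goes here
        throw new UnsupportedOperationException("user lookup is not part of this example");
    }

    // …
}
```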

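In this example, the `deleteUser` method is annotated with `@PreAuthorize`, specifying that only users with the "ADMIN" role can delete a user. The `getUser` method is annotated with `@PostAuthorize`, specifying that the returned user object must have the same username as the authenticated user. Because a `@PostAuthorize` expression is evaluated only after the method body has run, it suits read-only methods like this one; any side effect in the method has already happened by the time access is denied.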

5. @Secured
The `@Secured` annotation is used to apply method-level security by specifying the roles or authorities that are allowed to access the method. Here’s an example:

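```java
import org.springframework.security.access.annotation.Secured;
import org.springframework.stereotype.Service;

@Service
public class ProductService {

    @Secured("ROLE_ADMIN")
    public void createProduct(Product product) {
        // Create product logic goes here
    }

    // …
}
```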

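In this example, the `createProduct` method is annotated with `@Secured`, specifying that only users with the "ROLE_ADMIN" authority can access the method. `@Secured` is enforced only when `securedEnabled = true` is set on `@EnableGlobalMethodSecurity` (or on `@EnableMethodSecurity`); a configuration that sets only `prePostEnabled = true`, like the one in section 3, leaves `@Secured` methods unprotected without any warning.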
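Method-security annotations are silently ignored when the matching enable flag is missing, so it is worth asserting in a test that the rules from sections 3 to 5 are enforced. The JUnit 5 test below is an added example, not code from the original article; it assumes Spring Security 6 with `spring-security-test` on the classpath, and `DemoService` is a hypothetical stand-in for the `UserService` and `ProductService` shown above.

```java
import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
import static org.junit.jupiter.api.Assertions.assertThrows;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;

// Added example: fails if either annotation stops being enforced.
@SpringJUnitConfig(MethodSecurityEnforcementTest.Config.class)
class MethodSecurityEnforcementTest {

    @Configuration
    @EnableMethodSecurity(securedEnabled = true) // @PreAuthorize is on by default; @Secured is opt-in
    static class Config {
        @Bean DemoService demoService() { return new DemoService(); }
    }

    // Hypothetical stand-in for the article's UserService and ProductService
    static class DemoService {
        @PreAuthorize("hasRole('ADMIN')")
        public void deleteUser(String userId) { }

        @Secured("ROLE_ADMIN")
        public void createProduct(String name) { }
    }

    @Autowired DemoService service; // injected as a proxy that runs the checks

    @Test
    @WithMockUser(roles = "USER")
    void nonAdminIsRejected() {
        assertThrows(AccessDeniedException.class, () -> service.deleteUser("42"));
        assertThrows(AccessDeniedException.class, () -> service.createProduct("widget"));
    }

    @Test
    @WithMockUser(roles = "ADMIN")
    void adminIsAllowed() {
        assertDoesNotThrow(() -> service.deleteUser("42"));
        assertDoesNotThrow(() -> service.createProduct("widget"));
    }
}
```

Removing `securedEnabled = true` from `Config` makes the `createProduct` assertion in `nonAdminIsRejected` fail, which is the misconfiguration this test is meant to catch.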

These are just a few examples of security annotations provided by Spring Boot. They enable you to implement robust security measures in your applications, ensuring that only authorized users can access certain resources and perform specific actions.

In the next section, we will explore custom annotations.

About Author
Ozzie Feliciano CTO @ Felpfe Inc.

Ozzie Feliciano is a highly experienced technologist with a remarkable twenty-three years of expertise in the technology industry.
