Reputation: 25
I am a beginner in Spring and am trying to implement Spring Security. My question is: what is the need for implementing method-level security when web-level security is applied?
When implementing & deploying either web application or desktop application, the user is able to access only what is displayed on the UI to him/her.
Considering web-level security is in place, the user will not access anything extra and also will not access the method directly, so why do we require method-level security?
I am sorry if I am wasting others' time if the above question is very obvious & basic to ask here.
Upvotes: 2
Views: 297
Reputation: 5972
You could refer to Method-level-security and Expression-Based Access Control to learn more about method-level security and its implementation.
Upvotes: 0
Reputation: 8201
Method-level security is not for facilitating users who have access. It is more for preventing unauthorized users from performing activities outside their roles & privileges. The abstract design of any application keeps the front-end independent (or loosely coupled) from the back-end.
Due to this disconnect between the two, the back-end security framework can't just assume that web-level security is implemented flawlessly, and hence it becomes important to implement method-level security in the application.
It's OK to ask questions and gain knowledge rather than remain in doubt.
Reference for implementing method level security:
Shishir
Upvotes: 1
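A sketch of the gap the answer above describes, added here as an illustration and not code from either answer. It assumes Spring Security 6; the class names, URL paths and the ADMIN role are hypothetical.

```java
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableMethodSecurity // enables @PreAuthorize checks on Spring beans
class SecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/admin/**").hasRole("ADMIN") // web-level rule
                .anyRequest().authenticated())                 // everything else: login only
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}

@Service
class AccountService {
    // Method-level rule: checked on every call into this bean,
    // no matter which URL the request arrived through.
    @PreAuthorize("hasRole('ADMIN')")
    public List<String> listAllAccounts() {
        return List.of("alice", "bob"); // constructed sample data
    }
}

@RestController
class AccountController {
    private final AccountService accounts;
    AccountController(AccountService accounts) { this.accounts = accounts; }

    @GetMapping("/admin/accounts") // covered by the /admin/** URL rule
    public List<String> adminList() { return accounts.listAllAccounts(); }

    // Hypothetical endpoint added later outside /admin/**: the URL rules only
    // require a login here, so the @PreAuthorize check is what keeps
    // non-admin users from reading the full account list (403 Forbidden).
    @GetMapping("/api/accounts")
    public List<String> apiList() { return accounts.listAllAccounts(); }
}
```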