Why Spring Security and role-based access control


  • Protect your web application and web service application
  • Role authorization ensures that users can only access the services they are authorized to use
  • The basic security principle applies to any Java web application


Steps to protect your web service project


  • Create web service interceptors
  • Create Authentication provider
  • Protect your business method with Spring “Secured” annotation


Work flow




  • Client makes a web service call
  • Spring EndPoint Interceptor intercepts the call
  • EndPoint Interceptor uses the Authentication manager to authenticate the user
  • The Authentication manager calls the Authentication provider to verify the user
  • The EndPoint calls the “Secured” service method
  • Spring method interceptor intercepts the call and verifies the user’s authorization
  • The method interceptor throws an unauthorized exception if the user is not allowed to access the business method
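
The work flow above as a sketch in Java, added here as an example and not taken from the original page. The class names `AuthInterceptor` and `AccountService`, the role `ROLE_ADMIN`, and the use of HTTP Basic credentials over an HTTP transport are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.ws.context.MessageContext;
import org.springframework.ws.server.EndpointInterceptor;
import org.springframework.ws.transport.context.TransportContextHolder;
import org.springframework.ws.transport.http.HttpServletConnection;

// Hypothetical interceptor: authenticates every call before the endpoint runs.
public class AuthInterceptor implements EndpointInterceptor {
    private final AuthenticationManager manager;
    public AuthInterceptor(AuthenticationManager manager) { this.manager = manager; }

    @Override
    public boolean handleRequest(MessageContext ctx, Object endpoint) {
        // Assumption: credentials arrive as an HTTP Basic header over TLS.
        var conn = (HttpServletConnection) TransportContextHolder.getTransportContext().getConnection();
        String header = conn.getHttpServletRequest().getHeader("Authorization");
        // Fail closed: no header means no endpoint invocation.
        if (header == null || !header.startsWith("Basic ")) throw new BadCredentialsException("Missing credentials");
        String[] cred;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            cred = new String(raw, StandardCharsets.UTF_8).split(":", 2);
        } catch (IllegalArgumentException e) {
            throw new BadCredentialsException("Malformed credentials");
        }
        if (cred.length != 2) throw new BadCredentialsException("Malformed credentials");
        // The manager delegates to the configured AuthenticationProvider and throws on failure.
        var auth = manager.authenticate(new UsernamePasswordAuthenticationToken(cred[0], cred[1]));
        SecurityContextHolder.getContext().setAuthentication(auth);
        return true; // continue to the endpoint
    }
    @Override public boolean handleResponse(MessageContext ctx, Object endpoint) { return true; }
    @Override public boolean handleFault(MessageContext ctx, Object endpoint) { return true; }
    @Override // Worker threads are pooled: clear the identity so it cannot leak into the next call.
    public void afterCompletion(MessageContext ctx, Object endpoint, Exception ex) {
        SecurityContextHolder.clearContext();
    }
}

// Hypothetical business service; must be a Spring bean with method security enabled (securedEnabled = true).
class AccountService {
    @Secured("ROLE_ADMIN") // callers without this authority get an AccessDeniedException
    public String closeAccount(String accountId) { return "closed " + accountId; }
}
```

Because `@Secured` is enforced by a proxy around the bean, a call made from inside `AccountService` to its own method bypasses the check; the annotation protects calls that come in through the Spring-managed reference, such as the one from the endpoint.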