Server-side method-level access control
On the server side, we can use the annotations provided by Spring Security to control access to individual methods. Spring Security
supports three types of annotations for method access control: JSR-250 annotations, @Secured annotations, and annotations that support expressions. None of the three is enabled by default; each must be enabled separately by setting the corresponding attribute on the global-method-security element.
Enabling the annotations
The first step is to add the following line to the spring-security.xml file:
<security:global-method-security jsr250-annotations="enabled"/>
The second step is to import the dependency:
<dependency>
    <groupId>javax.annotation</groupId>
    <artifactId>jsr250-api</artifactId>
    <version>1.0</version>
</dependency>
The third step is to use the annotations on the specified methods:
@RolesAllowed indicates the roles a caller must have to access the method
@PermitAll indicates that all roles are allowed to access the method, that is, no permission control is applied
@DenyAll is the opposite of @PermitAll: no role can access the method
In the example, ADMIN is a role I created; the method that queries all records is set so that only the ADMIN role can access it.
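The three annotations applied to a service, with a small driver that calls the ADMIN-only query method as two different callers. This is an added example, not code from the original page. ProductService, ProductServiceImpl and MethodSecurityDemo are hypothetical names, and the example assumes spring-security.xml declares the service as a bean alongside the global-method-security line from the first step.

```java
import java.util.*;
import javax.annotation.security.*;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical service; assumed to be declared as a bean in spring-security.xml.
interface ProductService {
    List<String> findAll();
    String findById(int id);
    void purge();
}

class ProductServiceImpl implements ProductService {
    private final List<String> products = Arrays.asList("keyboard", "monitor"); // constructed data
    // Assumption: Spring Security 4+, where "ADMIN" is matched against the authority ROLE_ADMIN.
    @RolesAllowed("ADMIN")
    public List<String> findAll() { return products; }
    @PermitAll // no role check is applied
    public String findById(int id) { return products.get(id); }
    @DenyAll // rejected for every caller, whatever roles they hold
    public void purge() { throw new IllegalStateException("not reachable through the secured bean"); }
}

public class MethodSecurityDemo {
    // Calls findAll() as a caller holding the given authorities and reports the decision.
    static String attempt(ProductService svc, String... authorities) {
        SecurityContextHolder.getContext().setAuthentication(
                new TestingAuthenticationToken("demo", "n/a", authorities));
        try {
            return "allowed: " + svc.findAll();
        } catch (AccessDeniedException e) {
            return "denied: " + e.getMessage();
        } finally {
            SecurityContextHolder.clearContext(); // do not leak the identity to later calls
        }
    }

    public static void main(String[] args) {
        try (ClassPathXmlApplicationContext ctx =
                     new ClassPathXmlApplicationContext("spring-security.xml")) {
            ProductService svc = ctx.getBean(ProductService.class); // the secured proxy, not the raw impl
            System.out.println(attempt(svc, "ROLE_ADMIN"));
            System.out.println(attempt(svc, "ROLE_USER"));
        }
    }
}
```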