Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding FrameWork Spring @EnableGlobalMethodSecurity vs @EnableWebSecurity

Thread Rating:
  • 827 Vote(s) - 3.46 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
@EnableGlobalMethodSecurity vs @EnableWebSecurity

Offline brennaedqxebg


Member
*
Member
Posts: 1
Threads: 1
Joined: Jan 2018
Reputation: 0
Level: 1 [Level]
Total Points: 0
Rank 0 / 1
99% to upload Level
Rank
Activity 0 / 1
99% to upload your Rank
Activity
Experience 1
99% to upload Experience
Experience

Points: 50
#1
08-02-2023, 09:22 AM
I am developing a REST API using Spring 4. I would like to secure some of the endpoints using Spring Security, but based on what I've read this can be done with either `@EnableGlobalMethodSecurity` or `@EnableWebSecurity`. Unfortunately, the documentation that I have found for these don't clearly explain what they do (or how they compare). If I want to secure a Spring REST API with authentication and authorization based on data and relationships declared in a standard relational database, what is the recommended method for achieving this in Spring 4?
Reply

Offline prosthetics478070


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Feb 2022
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
08-02-2023, 09:28 AM
`EnableWebSecurity` will provide configuration via [HttpSecurity][1]. It's the configuration you could find with `<http></http>` tag in xml configuration, it allows you to configure your access based on urls patterns, the authentication endpoints, handlers etc...

`EnableGlobalMethodSecurity` provides AOP security on methods. Some of the annotations that it provides are `PreAuthorize`, `PostAuthorize`. It also has support for [JSR-250][2]. [There are more parameters in the configuration for you][3]

For your needs, it's better to mix the two. With REST you can achieve everything you need only by using `@EnableWebSecurity` since `HttpSecurity#antMatchers(HttpMethod,String...)` accepts control over Http methods

[1]:

[To see links please register here]

[2]:

[To see links please register here]

[3]:

[To see links please register here]

Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through