{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 啃猪蹄的小仙女 的问题《@EnableGlobalMethodSecurity vs @EnableWebSecurity》','https://www.manongdao.com/q-463628.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am developing a REST API using Spring 4. I would like to secure some of the endpoints using Spring Security, but based on what I've read this can be done with either @EnableGlobalMethodSecurity or @EnableWebSecurity. Unfortunately, the documentation that I have found for these don't clearly explain what they do (or how they compare). If I want to secure a Spring REST API with authentication and authorization based on data and relationships declared in a standard relational database, what is the recommended method for achieving this in Spring 4?
相关问题
- java.lang.IllegalArgumentException: Cannot set to
- Design RESTful service with multiple ids
- Axios OPTIONS instead of POST Request. Express Res
- Plain (non-HTML) error pages in REST api
- Spring Data MongoDB - lazy access to some fields
相关文章
- java JDK动态代理和cglib动态代理最后获取的代理对象都为null的问题
- org.xml.sax.SAXParseException; lineNumber: 7; colu
- SpringMVC如何把File封装到Map中?
- Spring: controller inheritance using @Controller a
- How to load @Configuration classes from separate J
- Java spring framework - how to set content type?
- Java/Spring MVC: provide request context to child
- Spring 5 Web Reactive - Hot Publishing - How to us
EnableWebSecuritywill provide configuration via HttpSecurity providing the configuration you could find with<http></http>tag in xml configuration, it's allow you to configure your access based on urls patterns, the authentication endpoints, handlers etc...EnableGlobalMethodSecurityprovides AOP security on methods, some of annotation it will enable arePreAuthorizePostAuthorizealso it has support for JSR-250. There is also more parameters in configuration for youFor your needs, it's better mix the two. With REST you can achieve all you need only with
@EnableWebSecurity, sinceHttpSecurity#antMatchers(HttpMethod,String...)accepts controls over Http methods