Spring Security Method-Level Security

Review how well you know @PreAuthorize,@Secured,and role-based access.

1. Which annotation is used to perform authorization checks before a method is executed?

@PostAuthorize @PreAuthorize @PreFilter @PostFilter

2. Which annotations are used for filtering collections in method-level security?

@PreFilter @PostFilter @PreAuthorize @PostAuthorize

3. @PostAuthorize checks authorization conditions after the method has executed.

True False

4. What is the full name of the annotation used to enable method-level security in Spring Security 5.6+?

5. Which SpEL expression function checks if a user has a specific role (automatically prefixes with 'ROLE_')?

hasAuthority hasRole hasPermission hasAnyRole

6. Which of the following are valid SpEL expressions in @PreAuthorize?

hasRole('ADMIN') permitAll() denyAll() authentication.principal.username == #username

7. @PreAuthorize can only be applied to public methods.

True False

8. What SpEL function checks if a user has a specific authority without automatically adding a 'ROLE_' prefix?

9. Which are required to enable method-level security in a Spring application?

@EnableMethodSecurity on a configuration class spring-security-core dependency @PreAuthorize on all methods Explicitly enabling CGLIB proxies

10. Name the annotation that filters the return collection of a method based on a SpEL expression.

Answered 0 of 0 — 0 correct

Company