Difference between @EnableWebSecurity @EnableGlobalMethodSecurity @EnableAuthorizationServer @EnableResourceServer?
Asked on November 02, 2018
What's the difference between @EnableWebSecurity @EnableGlobalMethodSecurity @EnableAuthorizationServer @EnableResourceServer?
Replied on November 02, 2018
@EnableWebSecurity and @EnableGlobalMethodSecurity is used for Spring Security and @EnableAuthorizationServer and @EnableResourceServer are used for OAuth 2 Security in Spring.
Spring Security:
1. @EnableWebSecurity configures spring security from the class WebSecurityConfigurerAdapter.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
------
}
2. @EnableGlobalMethodSecurity secures service methods.
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true, prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
------
}
Now our service method can use @PreAuthorize, @PostAuthorize and @Secured annotations.
OAuth 2 Security:
3. OAuth 2 annotation for enabling an Authorization Server. The @EnableAuthorizationServer annotation is used to configure the OAuth 2.0 Authorization Server mechanism.
@SpringBootApplication
@RestController
@EnableOAuth2Client
@EnableAuthorizationServer
public class SocialApplication extends WebSecurityConfigurerAdapter {
------
}
4. OAuth 2 annotation for Resource Servers. The @EnableResourceServer annotation creates a security filter.
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration
extends ResourceServerConfigurerAdapter {
------
}
