Difference between @EnableWebSecurity @EnableGlobalMethodSecurity @EnableAuthorizationServer @EnableResourceServer?




Asked on November 02, 2018
What's the difference between @EnableWebSecurity @EnableGlobalMethodSecurity @EnableAuthorizationServer  @EnableResourceServer?



Replied on November 02, 2018
@EnableWebSecurity and @EnableGlobalMethodSecurity is used for Spring Security and @EnableAuthorizationServer and @EnableResourceServer are used for OAuth 2 Security in Spring.

Spring Security:

1. @EnableWebSecurity configures spring security from the class WebSecurityConfigurerAdapter.

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
  ------
}


2. @EnableGlobalMethodSecurity secures service methods. 

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true, prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
  ------
}

Now our service method can use @PreAuthorize, @PostAuthorize and @Secured annotations.



OAuth 2 Security:

3. OAuth 2 annotation for enabling an Authorization Server. The @EnableAuthorizationServer annotation is used to configure the OAuth 2.0 Authorization Server mechanism.

@SpringBootApplication
@RestController
@EnableOAuth2Client
@EnableAuthorizationServer
public class SocialApplication extends WebSecurityConfigurerAdapter {

------
}


4. OAuth 2 annotation for Resource Servers. The @EnableResourceServer annotation creates a security filter.


@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration
    extends ResourceServerConfigurerAdapter {
  ------
}


Write Answer










©2024 concretepage.com | Privacy Policy | Contact Us