
Custom permission evaluator in Spring Boot - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is a Custom Permission Evaluator in Spring Security?
A Custom Permission Evaluator is a class that implements Spring Security's PermissionEvaluator interface to define fine-grained access control logic beyond simple role checks.
beginner
Which interface must you implement to create a Custom Permission Evaluator?
You must implement the PermissionEvaluator interface, which requires defining the methods hasPermission(Authentication, Object, Object) and hasPermission(Authentication, Serializable, String, Object).
intermediate
How does Spring Security use a Custom Permission Evaluator in method security?
Spring Security calls the hasPermission methods of your Custom Permission Evaluator when you use expressions like @PreAuthorize("hasPermission(...)") to decide if access should be granted.
intermediate
What are the two main methods you must override in a Custom Permission Evaluator?
The two methods are: hasPermission(Authentication authentication, Object targetDomainObject, Object permission) and hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission).
intermediate
Why would you use a Custom Permission Evaluator instead of simple role-based checks?
Because it allows you to check permissions based on the actual domain object or context, enabling more precise and flexible security rules than just checking user roles.
Which interface do you implement to create a Custom Permission Evaluator in Spring Security?
A. AuthenticationProvider
B. UserDetailsService
C. AccessDecisionVoter
D. PermissionEvaluator
What annotation commonly uses hasPermission expressions to invoke a Custom Permission Evaluator?
A. @PreAuthorize
B. @Controller
C. @Service
D. @Entity
Which method signature is NOT part of the PermissionEvaluator interface?
A. hasPermission(Authentication, Object, Object)
B. hasPermission(Authentication, String, Object)
C. hasPermission(Authentication, Serializable, String, Object)
D. None of the above
What does the 'targetDomainObject' parameter represent in the hasPermission method?
A. The HTTP request
B. The user's role
C. The domain object to check permission against
D. The authentication token
Why is a Custom Permission Evaluator useful?
A. To implement complex, object-level security rules
B. To replace the entire Spring Security framework
C. To manage database connections
D. To handle user login forms
Explain how to create and use a Custom Permission Evaluator in Spring Security.
Think about the interface, methods, and how Spring Security calls it.
Describe the difference between role-based access control and permission evaluation with a Custom Permission Evaluator.
Consider the level of detail in access decisions.