Spring Bootframework~30 mins

Method-level security in Spring Boot - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Method-level Security in Spring Boot

📖 Scenario: You are building a simple Spring Boot application that manages user data. You want to protect certain methods so only users with the right roles can access them.

🎯 Goal: Learn how to add method-level security using Spring Security annotations to restrict access based on user roles.

📋 What You'll Learn

Create a service class with user management methods

Add a configuration variable to enable method security

Use method-level security annotations to restrict access

Complete the security setup to enforce role-based access

💡 Why This Matters

🌍 Real World

Method-level security is used in real applications to protect sensitive operations so only authorized users can perform them.

💼 Career

Understanding method-level security is essential for backend developers working with Spring Boot to build secure applications.

Progress0 / 4 steps

Create UserService with methods

Create a class called UserService with two methods: getUser() that returns a string "User data" and deleteUser() that returns a string "User deleted".

Spring Boot

public class UserService {
    // Your code here
}

Need a hint?

Define a public class named UserService. Add two public methods named getUser and deleteUser that return the exact strings.

Enable method security in configuration

Create a configuration class called SecurityConfig annotated with @Configuration and @EnableMethodSecurity to enable method-level security.

Spring Boot

public class UserService {
    public String getUser() {
        return "User data";
    }

    public String deleteUser() {
        return "User deleted";
    }
}

// Your code here

Need a hint?

Use @Configuration and @EnableMethodSecurity annotations on a class named SecurityConfig.

Add method-level security annotations

In the UserService class, add @PreAuthorize("hasRole('USER')") above the getUser() method and @PreAuthorize("hasRole('ADMIN')") above the deleteUser() method.

Spring Boot

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;

@Configuration
@EnableMethodSecurity
public class SecurityConfig {
}

public class UserService {
    // Add @PreAuthorize for getUser
    public String getUser() {
        return "User data";
    }

    // Add @PreAuthorize for deleteUser
    public String deleteUser() {
        return "User deleted";
    }
}

Need a hint?

Import @PreAuthorize and add it above each method with the exact role expressions.

Complete security setup with method security enabled

Ensure the SecurityConfig class imports org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity and is annotated with @EnableMethodSecurity to activate method-level security.

Spring Boot

import org.springframework.context.annotation.Configuration;
// Ensure @EnableMethodSecurity is present

@Configuration
// Your code here
public class SecurityConfig {
}

public class UserService {
    @PreAuthorize("hasRole('USER')")
    public String getUser() {
        return "User data";
    }

    @PreAuthorize("hasRole('ADMIN')")
    public String deleteUser() {
        return "User deleted";
    }
}

Need a hint?

Double-check that @EnableMethodSecurity is imported and used on SecurityConfig.