Complete the code to enable method-level security in a Spring Boot application.
@Configuration
@Enable[1]
public class SecurityConfig {
}
The annotation @EnableGlobalMethodSecurity activates method-level security annotations like @PreAuthorize.
Complete the code to restrict access to the method to users with the role 'ADMIN'.
@PreAuthorize("hasRole('[1]')")
public void deleteUser(Long id) {
    // method body
}
The @PreAuthorize annotation checks if the user has the specified role before allowing method execution.
Fix the error in the method-level security annotation to allow access only if the user has 'USER' role and the id matches the authenticated user's id.
@PreAuthorize("hasRole('[1]') and #id == authentication.principal.id")
public void updateProfile(Long id) {
    // method body
}
The method should allow only users with the 'USER' role to update their own profile, so 'USER' is the correct role.
Fill both blanks to create a method that allows access only if the user has 'ADMIN' role or the user id matches the authenticated user's id.
@PreAuthorize("hasRole('[1]') or #id [2] authentication.principal.id")
public void accessResource(Long id) {
    // method body
}
The method allows access if the user has 'ADMIN' role or if the id matches the authenticated user's id, so the operator should be '=='.
Fill all three blanks to create a method that allows access only if the user has 'MANAGER' role and the department matches the authenticated user's department.
@PreAuthorize("hasRole('[1]') and #dept [2] authentication.principal.[3]")
public void manageDepartment(String dept) {
    // method body
}
The method restricts access to users with 'MANAGER' role and matching department, so the role is 'MANAGER', the operator is '==', and the property is 'department'.