
@PreAuthorize annotation in Spring Boot - Practice Problems & Coding Challenges

Challenge - 5 Problems
component_behavior
intermediate
What happens when a user without the required role accesses a method annotated with @PreAuthorize?

Consider a Spring Boot method annotated with @PreAuthorize("hasRole('ADMIN')"). What is the behavior if a user with role USER tries to call this method?

Spring Boot
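import org.springframework.security.access.prepost.PreAuthorize;

public class MyService {
    // Method-level authorization rule: the caller must hold the ADMIN role.
    @PreAuthorize("hasRole('ADMIN')")
    public String adminOnlyMethod() {
        return "Secret Data";
    }
}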
A. The method returns null without executing the logic.
B. The method executes but returns an empty string.
C. The method throws an AccessDeniedException and does not execute.
D. The method executes normally and returns "Secret Data".
💡 Hint

Think about what Spring Security does when authorization fails.

📝 Syntax
intermediate
Which @PreAuthorize expression correctly checks if the user has either ROLE_ADMIN or ROLE_MANAGER?

Choose the correct @PreAuthorize expression to allow access if the user has ROLE_ADMIN or ROLE_MANAGER.

A. @PreAuthorize("hasAnyRole('ADMIN', 'MANAGER')")
B. @PreAuthorize("hasRole('ADMIN' && 'MANAGER')")
C. @PreAuthorize("hasRole('ADMIN') && hasRole('MANAGER')")
D. @PreAuthorize("hasRole('ADMIN') or hasRole('MANAGER')")
💡 Hint

Look for the expression that checks multiple roles correctly.

state_output
advanced
What is the output when a method annotated with @PreAuthorize uses a SpEL expression referencing method parameters?

Given the method below, what will be the output if the user has username "alice" and calls getUserData("alice")?

Spring Boot
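import org.springframework.security.access.prepost.PreAuthorize;

public class UserService {
    // SpEL rule: #username is the method argument, authentication.name is the current principal's name.
    @PreAuthorize("#username == authentication.name")
    public String getUserData(String username) {
        return "Data for " + username;
    }
}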
A. "Data for null" is returned because username is not passed correctly.
B. AccessDeniedException is thrown because the expression is invalid.
C. NullPointerException occurs due to missing authentication object.
D. "Data for alice" is returned because the username matches authentication name.
💡 Hint

Check how SpEL accesses method parameters and authentication info.

🔧 Debug
advanced
Why does this @PreAuthorize expression cause a syntax error?

Identify the problem in this annotation:

@PreAuthorize("hasRole('ADMIN') and hasPermission(#id, 'read')")
A. The hasPermission function requires three arguments, so this is incomplete.
B. The expression uses 'and' instead of '&&' which causes a syntax error.
C. The method parameter #id is not accessible in the expression.
D. The expression is valid and causes no syntax error.
💡 Hint

Check the logical operators allowed in SpEL expressions.

🧠 Conceptual
expert
How does @PreAuthorize differ from @PostAuthorize in Spring Security?

Choose the statement that best describes the difference between @PreAuthorize and @PostAuthorize.

A. @PreAuthorize checks authorization before method execution; @PostAuthorize checks after method execution and can use the method's return value.
B. @PreAuthorize is used only for roles; @PostAuthorize is used only for permissions.
C. Both annotations check authorization only before method execution but differ in syntax.
D. @PreAuthorize checks authorization after method execution; @PostAuthorize checks before method execution.
💡 Hint

Think about when the security check happens relative to the method call.