The @Secured annotation helps protect parts of your app by allowing only certain users to access them.
@Secured({"ROLE_NAME"})
public void methodName() {
// method code
}Use role names with the prefix ROLE_ by convention.
You can specify multiple roles inside the braces as an array.
ROLE_ADMIN role.@Secured({"ROLE_ADMIN"})
public void adminOnly() {
// admin code
}ROLE_USER or ROLE_ADMIN.@Secured({"ROLE_USER", "ROLE_ADMIN"})
public void userOrAdmin() {
// code for users or admins
}This service has two methods. One is only for admins, the other for users or admins.
import org.springframework.security.access.annotation.Secured; import org.springframework.stereotype.Service; @Service public class DocumentService { @Secured({"ROLE_ADMIN"}) public String getAdminDocument() { return "Secret Admin Document"; } @Secured({"ROLE_USER", "ROLE_ADMIN"}) public String getUserDocument() { return "User Document"; } }
You must enable method security in your Spring Boot app with @EnableMethodSecurity.
If a user does not have the required role, Spring Security will block access and throw an exception.
Roles should be granted to users in your security configuration or user database.
@Secured restricts method access by user roles.
Use role names with ROLE_ prefix inside curly braces.
Works well for simple role-based security in Spring Boot apps.