
@Secured annotation in Spring Boot - Practice Problems & Coding Challenges

Component behavior
intermediate
What happens when a method annotated with @Secured is accessed by an unauthorized user?

Consider a Spring Boot method annotated with @Secured("ROLE_ADMIN"). What is the expected behavior if a user without the ROLE_ADMIN role tries to access this method?

Spring Boot
import org.springframework.security.access.annotation.Secured;

public class AdminService {
    @Secured("ROLE_ADMIN")
    public String getAdminData() {
        return "Sensitive Admin Data";
    }
}
A. Spring Security throws an AccessDeniedException, preventing method execution.
B. The method executes normally and returns the data regardless of user role.
C. The method returns null without throwing any exception.
D. The application crashes with a NullPointerException.
💡 Hint

Think about how Spring Security enforces role-based access control.

📝 Syntax
intermediate
Which of the following is the correct way to use @Secured for multiple roles?

Choose the correct syntax to allow access to a method for users with either ROLE_USER or ROLE_ADMIN using @Secured.

A. @Secured("ROLE_USER" || "ROLE_ADMIN")
B. @Secured("ROLE_USER, ROLE_ADMIN")
C. @Secured({"ROLE_USER", "ROLE_ADMIN"})
D. @Secured(["ROLE_USER", "ROLE_ADMIN"])
💡 Hint

Remember that @Secured accepts an array of strings.

🔧 Debug
advanced
Why does the @Secured annotation not restrict access as expected?

A developer added @Secured("ROLE_ADMIN") to a method, but users without ROLE_ADMIN can still access it. What is the most likely cause?

Spring Boot
import org.springframework.security.access.annotation.Secured;

public class ReportService {
    @Secured("ROLE_ADMIN")
    public String generateReport() {
        return "Report Data";
    }
}
A. The method is private, so @Secured does not apply.
B. The @EnableGlobalMethodSecurity(securedEnabled = true) annotation is missing in the configuration.
C. The user roles are case-sensitive and should be lowercase.
D. The @Secured annotation requires a @Transactional annotation to work.
💡 Hint

Check if method security is enabled in the Spring Security configuration.

State output
advanced
What is the output when a user with ROLE_USER calls a method annotated with @Secured({"ROLE_USER", "ROLE_ADMIN"})?

Given the method below, what will be the output if a user with only ROLE_USER calls it?

Spring Boot
import org.springframework.security.access.annotation.Secured;

public class DataService {
    @Secured({"ROLE_USER", "ROLE_ADMIN"})
    public String fetchData() {
        return "Data fetched successfully";
    }
}
A. "Data fetched successfully"
B. NullPointerException is thrown
C. AccessDeniedException is thrown
D. "Access denied" string is returned
💡 Hint

Check if the user's role matches any role in the annotation.

🧠 Conceptual
expert
Why might you choose @PreAuthorize over @Secured in Spring Security?

Both @Secured and @PreAuthorize annotations can restrict method access. What is a key advantage of using @PreAuthorize?

A. @PreAuthorize automatically logs access attempts.
B. @PreAuthorize is faster at runtime than @Secured.
C. @PreAuthorize does not require enabling method security in configuration.
D. @PreAuthorize supports complex SpEL expressions for fine-grained access control.
💡 Hint

Think about flexibility in defining access rules.