Spring Bootframework~30 mins

@Secured annotation in Spring Boot - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Using @Secured Annotation in Spring Boot

📖 Scenario: You are building a simple Spring Boot web application that has different user roles. You want to protect certain methods so that only users with specific roles can access them.

🎯 Goal: Learn how to use the @Secured annotation to restrict access to methods based on user roles in a Spring Boot application.

📋 What You'll Learn

Create a Spring Boot service class with a method to secure

Add a configuration to enable method security

Use the @Secured annotation to restrict method access to a specific role

Create a simple controller to call the secured method

💡 Why This Matters

🌍 Real World

Many web applications need to restrict access to certain features based on user roles. Using @Secured helps enforce these rules easily at the method level.

💼 Career

Understanding method-level security with @Secured is essential for backend developers working with Spring Boot to build secure applications.

Progress0 / 4 steps

Create a service class with a method

Create a Spring service class called MyService with a public method getSecretMessage() that returns the string "Secret Info".

Spring Boot

import org.springframework.stereotype.Service;

@Service
public class MyService {
    // Your code here
}

Need a hint?

Use @Service annotation and create a method that returns the exact string.

Enable method security in configuration

Create a configuration class called SecurityConfig annotated with @Configuration and @EnableMethodSecurity to enable method-level security.

Spring Boot

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;

@Configuration
@EnableMethodSecurity
public class SecurityConfig {
    // Your code here
}

Need a hint?

Use @EnableMethodSecurity on a configuration class to activate method security.

Add @Secured annotation to restrict access

Modify the getSecretMessage() method in MyService to add the @Secured annotation that allows access only to users with the role ROLE_ADMIN.

Spring Boot

import org.springframework.security.access.annotation.Secured;

@Service
public class MyService {
    @Secured({"ROLE_ADMIN"})
    public String getSecretMessage() {
        return "Secret Info";
    }
}

// SecurityConfig class remains unchanged

Need a hint?

Import @Secured and add it above the method with the role ROLE_ADMIN inside curly braces.

Create a controller to call the secured method

Create a Spring REST controller class called MyController with a GET endpoint /secret that calls getSecretMessage() from MyService and returns its result.

Spring Boot

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.beans.factory.annotation.Autowired;

@RestController
public class MyController {
    @Autowired
    private MyService myService;

    @GetMapping("/secret")
    public String secret() {
        // Your code here
    }
}

Need a hint?

Inject MyService using @Autowired and return the secured method's result in the GET endpoint.