This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Security 6.4.1!spring-doc.cn

Authorization

Having established how users will authenticate, you also need to configure your application’s authorization rules.spring-doc.cn

The advanced authorization capabilities within Spring Security represent one of the most compelling reasons for its popularity. Irrespective of how you choose to authenticate (whether using a Spring Security-provided mechanism and provider or integrating with a container or other non-Spring Security authentication authority), the authorization services can be used within your application in a consistent and simple way.spring-doc.cn

You should consider attaching authorization rules to request URIs and methods to begin. Below there is also wealth of detail about how Spring Security authorization works and how, having established a basic model, it can be fine-tuned.spring-doc.cn

Section Summary

Authorization Architecture
Authorize HTTP Requests
Method Security
Domain Object Security ACLs
Authorization Events