Difference between @Secured vs @RolesAllowed vs @PreAuthorize in Spring Security

@Secured and @RolesAllowed are the same the only difference is @RolesAllowed is a standard annotation (i.e. not only spring security) whereas @Secured is spring security only.

@PreAuthorize is different in a way that it is more powerful then the other 2. It allows for SpEL expression for a more fine-grained control. Which to use well the simplest thing that could possible work, if you don’t need expression etc. go with the standard annotations to limit the dependency on spring classes. But that all is IMHO of course.

Previous
Next