A. Allow access to a method based on user identity.
This is true because the @PreAuthorize annotation can use the principal object to access the user identity and check if it matches a certain condition. For example, we can use the following expression to allow access only to the user with the username “admin”:
@PreAuthorize(“principal.username == ‘admin’”)
E. Allow access to a method based on roles.
This is true because the @PreAuthorize annotation can use the hasRole, hasAnyRole, or hasAuthority methods to check if the user has a certain role or authority. For example, we can use the following expression to allow access only to users who have the role “ADMIN” or “USER”:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit