Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Spring Security

Spring security has nice support for annotation-based authorization constraints. I would suggest we switch to it and secure the system at a request level by annotating our controller methods. Spring provides an expression language we can use to declare our constraints, and we can even implement new methods in that constraint language, and Spring will delegate to our own code to answer authorization questions. But it would allow new developers to work with a technology that they have seen before and that is documented.

...