Which two statements are true regarding Spring Security? (Choose two.)

Which two statements are true regarding Spring Security? (Choose two.)
A . Access control can be configured at the method level.
B . A special Java Authentication and Authorization Service (JAAS) policy file needs to be configured.
C . Authentication data can be accessed using a variety of different mechanisms, including databases and LDAP.
D . In the authorization configuration, the usage of permitAll () allows bypassing Spring security completely.
E . It provides a strict implementation of the Java EE Security specification.

View Answer

Answer: AC

Explanation:

Spring Security is a framework that provides comprehensive security services for Java applications, such as authentication, authorization, encryption, session management, and more. One of its features is method security, which allows applying access control rules at the method level using annotations or XML configuration. Another feature is authentication, which is the process of verifying the identity of a user or a system. Spring Security supports various authentication mechanisms, such as username and password, tokens, certificates, etc., and can access authentication data from different sources, such as databases, LDAP directories, in-memory stores, etc.

Reference:

https://docs.spring.io/spring-security/site/docs/current/reference/html5/:

https://docs.spring.io/spring-security/site/docs/current/reference/html5/#jc-method:

https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-authentication

Reference: https://www.baeldung.com/security-none-filters-none-access-permitAll