- Spring security includes Spring Expression Language (SpEL) security expressions for authorization
- Security expressions are evaluated against a context-dependent “root object" called SecurityExpressionRoot
- In web context, the root object is called WebSecurityExpressionRoot, which is derived from SecurityExpressionRoot
Security Expressions (Cont’d)
User Security Expression Terms and Predicates
WebSecurityExpressionRoot Terms
Cheng® 