In this video, I’ll show you how to secure your Spring Boot endpoints using the powerful @PreAuthorize annotation from Spring Security. We’ll go beyond basic role checks and implement custom authorization logic — for example, allowing only the creator of a resource to update it, while others must just be authenticated.
GitHub Link: https://github.com/ali-bouali/spring-...
✅ What You'll Learn:
How @PreAuthorize works in Spring Boot
How to inject services into your security expressions
How to write custom security checks (e.g., "is this user the owner?")
Best practices for fine-grained access control
Real-world examples for securing endpoints
Whether you're building a REST API or a full-stack web app, securing your endpoints properly is critical — and this video gives you the tools to do it right.
🧠 Part of an ongoing Spring Security series — subscribe so you don’t miss the rest!
Table of contents:
00:00 Intro
03:00 Create the entities
10:53 Create the category service and DTOs
18:27 Implement the category service
38:50 Implement the category controller
47:33 Create the Todo service and DTOs
56:37 Implement the Todo service
01:13:29 Implement the Todo controller
01:22:34 Testing and introducing the security issue
01:30:12 Secure the endpoints with @PreAuthorize and custom logic
01:46:43 Outro