Spring Security allows users to access-control method execution using aspect-oriented programming (AOP) in the background. This can be done using XML configuration or using Java configuration. Since we have been following Java configuration throughout this book, we will cover Java configuration and annotations here to explain method security. The best practice is to choose a particular method invocation authorization approach and stick to it for consistency across your application. Choose whichever approach is apt for your application, as there isn't anything particular documented on when to choose what.

If you would like to enable method security in your application, firstly annotate the class with @EnableMethodSecurity. There are three types of annotation with which you can annotate the methods and authorize them. The types are as follows:

Voting-based annotations: the most commonly used annotations in Spring Security. Spring Security's @Secured annotation falls into this category. To use these annotations, they first have to be enabled, as shown in the following code snippet: