Authentication and Authorization
Security within Spring applications revolves around two distinct concepts that are often mistakenly conflated.
Securing Web Apps and REST APIs
Spring Security enforces its defenses through a chain of standard Servlet Filters. These filters execute sequentially before the request ever reaches the Spring DispatcherServlet.
RBAC and CSRF
Role-Based Access Control (RBAC)
Cross-Origin Resource Sharing (CORS)
Web browsers enforce a security mechanism called the Same-Origin Policy. This policy restricts a script loaded from one origin (for example, one served over http on port 3000) from interacting with a resource at a different origin (for example, your Spring API running over http on port 8080).
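The following configuration is an added example, not code from the original page. It shows how a filter chain can allow exactly one cross-origin caller while still enforcing role checks. It assumes Spring Security 6 with the lambda DSL; the host `localhost`, the `/api/**` and `/api/admin/**` paths, and the `ADMIN` role are hypothetical.

```java
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
public class ApiSecurityConfig {

    // Builds the servlet filter chain that runs before the DispatcherServlet.
    @Bean
    SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
        http
            // Registers CorsFilter early in the chain, so unauthenticated
            // preflight (OPTIONS) requests are answered before the
            // authorization rules run. It uses the bean defined below.
            .cors(Customizer.withDefaults())
            .authorizeHttpRequests(auth -> auth
                // Hypothetical RBAC rule: only ROLE_ADMIN reaches admin paths.
                .requestMatchers("/api/admin/**").hasRole("ADMIN")
                // Everything else requires an authenticated caller.
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    // Picked up by http.cors(...) through its bean name, corsConfigurationSource.
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration cors = new CorsConfiguration();
        // Assumed front-end origin: exact scheme, host and port, not "*".
        cors.setAllowedOrigins(List.of("http://localhost:3000"));
        cors.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE"));
        cors.setAllowedHeaders(List.of("Authorization", "Content-Type"));

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // Apply the policy to API paths only; other paths stay same-origin.
        source.registerCorsConfiguration("/api/**", cors);
        return source;
    }
}
```

CORS only relaxes what a browser lets a script read across origins. Non-browser clients ignore it, so the `authorizeHttpRequests` rules remain the actual access control.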