VMware vRealize Automation 8.x (2022) — Question 59

Which strategy is correct for configuring Spring Security to intercept particular URLs? (Choose the best answer.)

Answer options

• A. The URLs can be specified via configuration (using authorizeRequests () and request matchers), with the most specific rule first and the least specific last.
• B. Spring Security can obtain URLs from Spring MVC controllers, the Spring Security configuration just needs a reference to the controller to be protected.
• C. The URLs are specified in a special properties file, used by Spring Security.
• D. The URLs can be specified via configuration (using authorizeRequests () and request matchers), with the least specific rule first and the most specific last.

Correct answer: A

Explanation

The correct answer is A because Spring Security allows for URL configuration through methods like authorizeRequests() and request matchers, prioritizing the most specific rules first to ensure proper access control. Option B is incorrect as Spring Security does not automatically derive URLs from controllers; it needs explicit configuration. Option C is wrong because URLs are not defined in a properties file but rather in the security configuration. Option D is also incorrect since it suggests the least specific rule should come first, which contradicts the correct configuration approach.