The best practice when implementing security is to validate all incoming requests. We want our security framework to inspect each incoming request, authenticate the user, and allow the action only if the user has access to perform the operation. We will use a filter to intercept and validate the request. The following example shows more details.
We want to configure Spring Security to intercept all requests to a web application. We will use a filter, DelegatingFilterProxy, which delegates to a Spring-managed bean, FilterChainProxy:
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
...
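For reference, a complete web.xml fragment that wires the filter so it covers every request. This is an added example, not the original page's listing. It assumes a root application context loaded by ContextLoaderListener, and the context file path is a hypothetical placeholder.

```xml
<!-- Added example: place these elements inside <web-app> in WEB-INF/web.xml. -->

<!-- Root application context that holds the Spring Security configuration.
     The path below is a hypothetical placeholder. -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring/security-context.xml</param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- DelegatingFilterProxy looks up a bean whose name equals the filter-name.
     Spring Security registers its FilterChainProxy under the name
     "springSecurityFilterChain", so the name here must match exactly;
     a different name leaves the proxy with no bean to delegate to. -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!-- Map to /* so no path bypasses the security chain. A narrower pattern
     such as /app/* would leave every other path unauthenticated.
     Declare this mapping before other filter-mappings: filters run in
     declaration order, and the security chain should see the request first. -->
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <!-- Without explicit dispatchers only REQUEST is filtered; adding ERROR
         also passes container error dispatches through the security chain. -->
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
```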