Principle
secure by default
Least Privilege
Tools
UserDetailService, FilterChain, Filter interface
SecurityContextHolder.getContext - context hold the info of current login user
spring-security-oauth-authorization-server
JwtAuthenticationConvertor
Pre/PostAuthorization annotation, @EnableGlobalMethodSercurity
Config the authorization checking in request level