Spring Security allows you, as an application developer, many choices by which you can authorize user's access to various parts of your application. Here are some of the approaches:

• Web URL: Based on a URL or URL pattern, you can control access
• Method invocation: Even a method in a Java Bean can be access-controlled if needs be
• Domain instance: One of the very cool features is to control access to specific data by having access control of certain needed domain objects within your application
• Web service: Allows you to secure exposed web services in your application

In the next chapter, we will get into these aspects in a bit more detail with more code snippets.