Security

Authentication & Authorization

• JWT-based: Stateless authentication

• Role-based: USER, ADMIN roles

• Method Security: @PreAuthorize annotations

• CSRF Protection: Enabled for forms

• Password Encoding: BCrypt hashing

Data Validation

• Bean Validation: @Valid annotations

• Custom Validators: Business rule validation

• XSS Protection: Input sanitization

• SQL Injection Prevention: Parameterized queries