Additional Notes
Where should order-ownership checks live?
Track: Java
Topic: Spring Security
Focus: Spring Security Filter Chain
Java: Spring Security Filter Chain
Answer
Near the business action, where order facts are actually available.
The filter chain authenticates requests early, but resource-specific decisions often require domain context such as order owner, refund state, or tenant membership. Those checks belong deeper in the application flow.
The filter chain authenticates requests early, but resource-specific decisions often require domain context such as order owner, refund state, or tenant membership. Those checks belong deeper in the application flow.
Topics: Java Spring Security Spring Security Filter Chain