From API Security in Action by Neil Madden
In this article, you’ll implement capability-based access control techniques that enable secure sharing by taking the principle of least authority (POLA) to its logical conclusion and allowing fine-grained control over access to individual resources. Along the way, you’ll see how capabilities prevent a general category of attacks against APIs known as confused deputy attacks.
From Spring Security in Action by Laurentiu Spilca
This article delves into five awkward things that Spring Security does, which might be giving you trouble in your projects.