Both of these annotations might be used to apply authorization logic at a method level.
Access control for both annotations is applied before method invocation.
RolesAllowed supports only a list of authentications (roles). It's an annotation defined by JSR-250 specification.
PreAuthorize supports SpEL, it's a Spring Security framework annotation.
#spring #certificationquestion #vcp