# Authorization

The advanced authorization capabilities within Spring Security represent one of the most compelling reasons for its popularity.
Irrespective of how you choose to authenticate - whether using a Spring Security-provided mechanism and provider, or integrating with a container or other non-Spring Security authentication authority - you will find the authorization services can be used within your application in a consistent and simple way.

In this part we’ll explore the different `AbstractSecurityInterceptor` implementations, which were introduced in Part I.
We then move on to explore how to fine-tune authorization through use of domain access control lists.

## Section Summary

* [Authorization Architecture](architecture.html)
* [Authorize HTTP Requests](authorize-http-requests.html)
* [Authorize HTTP Requests with FilterSecurityInterceptor](authorize-requests.html)
* [Expression-Based Access Control](expression-based.html)
* [Secure Object Implementations](secure-objects.html)
* [Method Security](method-security.html)
* [Domain Object Security ACLs](acls.html)

[Authentication Events](../authentication/events.html)[Authorization Architecture](architecture.html)