Now, let's take a look at how Spring Security works internally when it authorizes requests. As mentioned earlier, in FilterSecurityInterceptor, Spring Security will perform the authorization at the request level. And with AOP, Spring Security can also perform method-level authorization and secure domain objects.