October 2018
Intermediate to advanced
590 pages
15h 5m
English
Once authenticated, a user will be able to access the application. However, it doesn't mean the user can do anything at will. The access will be limited to only those resources that the user has been authorized for. For example, a user can edit his/her own personal information and is forbidden to modify another user's. The following figure shows a user trying to access payment information inside an admin module and getting an Access Denied error, or forbidden error, usually sent back to the client side with the HTTP status 403:

There are two types of authorization. One is role-based authorization, ...
Read now
Unlock full access