October 2018
Intermediate to advanced
590 pages
15h 5m
English
Our Messages App is a simplified demo application. It doesn't have many features that a typical web application should have. For example, it lacks security checking. Currently, we allow anyone to post messages via the /messages (POST) API. A simple fix is to add security check logic inside the API handler, the MessageController.saveMessage() method, as follows:
public ResponseEntity<Message> saveMessage(@RequestBody MessageData data) { checkSecurity(); ...}private void checkSecurity() throws NotAuthorizedException { // Do security checking ...}
Inside the saveMessage() method, we invoke the checkSecurity() method immediately and, if the request is not authorized, NotAuthorizedException will be thrown.
Our Messages App doesn't ...
Read now
Unlock full access