March 2018
Intermediate to advanced
380 pages
9h 23m
English
First, let's limit the access for normal users. This can be done easily at the API level using Spring Security. Add the following snippet to the configure method of src/main/java/com/mycompany/store/config/SecurityConfiguration.java.
Add it right before the line .antMatchers("/api/**").authenticated(). Matchers are evaluated in order and the first match wins, so the position is very important:
    .antMatchers("/api/customers").hasAuthority(AuthoritiesConstants.ADMIN)
    .antMatchers("/api/product-categories").hasAuthority(AuthoritiesConstants.ADMIN)
We specify that when the request path matches /api/customers or /api/product-categories, the user must have ROLE_ADMIN to access it. Now sign out, log in as user, and try to access the customer entity page. Look at the console in ...
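To show the ordering in context, here is a complete configure method with the two admin-only matchers placed ahead of the catch-all rule. This is an added example, not the book's own SecurityConfiguration; it assumes JHipster's AuthoritiesConstants class lives in com.mycompany.store.security and that the class extends WebSecurityConfigurerAdapter (Spring Security 5 style), and it omits the JWT filter wiring the generated class normally carries.

```java
// Added example (not the book's code): ordering of authorizeRequests() matchers.
// Assumed: AuthoritiesConstants.ADMIN == "ROLE_ADMIN" and the class lives in
// com.mycompany.store.security, as in a JHipster-generated project.
package com.mycompany.store.config;

import com.mycompany.store.security.AuthoritiesConstants;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeRequests()
                // Most specific rules first: Spring Security walks these matchers
                // top to bottom and applies the first one whose pattern matches.
                .antMatchers("/api/customers").hasAuthority(AuthoritiesConstants.ADMIN)
                .antMatchers("/api/product-categories").hasAuthority(AuthoritiesConstants.ADMIN)
                // Catch-all for every other API path. If this line came first,
                // "/api/customers" would match it and any authenticated user
                // would get through; the admin rules below it would never run.
                .antMatchers("/api/**").authenticated();
    }
}
```

One caveat worth checking in your own project: an Ant pattern without a wildcard matches only that exact path, so "/api/customers" covers the list endpoint but not sub-paths such as "/api/customers/42", which would still fall through to the authenticated() catch-all. Use "/api/customers/**" if the single-entity endpoints should be restricted as well, and verify the result by calling each path as a non-admin user and confirming a 403 response.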