book

Full Stack Development with JHipster

by Deepu K Sasidharan, Sendil Kumar N

March 2018

Intermediate to advanced

380 pages

9h 23m

English

Packt Publishing

Read now

Unlock full access

Content preview from Full Stack Development with JHipster

Limiting access to create/edit/delete entities

Now we need to ensure that only admin users can edit entities, normal users should only be able to view entities authorized to them. For this, it would be better to handle it at the API level using the Spring Security PreAuthorize annotation. Let's start with the order item. Go to src/main/java/com/mycompany/store/web/rest/OrderItemResource.java and add @PreAuthorize("hasAuthority('ROLE_ADMIN')") to methods createOrderItem, updateOrderItem, and deleteOrderItem:

    @DeleteMapping("/order-items/{id}")    @Timed    @PreAuthorize("hasAuthority('ROLE_ADMIN')")    public ResponseEntity<Void> deleteOrderItem(@PathVariable Long id) {        ...    }

We are asking Spring Security interceptors to provide access to these methods ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Full Stack Development with JHipster - Second Edition

Deepu K Sasidharan, Sendil Kumar Nellaiyapen

Eclipse AspectJ: Aspect-Oriented Programming with AspectJ and the Eclipse AspectJ Development Tools

Adrian Colyer, Andy Clement, George Harley, Matthew Webster

Jasmine Cookbook

Munish Kumar

Build Your Own IoT Platform: Develop a Flexible and Scalable Internet of Things Platform

Anand Tamboli

Publisher Resources

ISBN: 9781788476317Supplemental Content