Authorizing on services and controllers
In this recipe, we restrict the access to services and controllers depending upon the authorities that are granted to users.
Getting ready
We are going to install interceptors on specific URL paths and method-invocations, which will trigger a predefined authorization workflow: the AbstractSecurityInterceptor
workflow.
In order for us to test these services' restrictions, we also slightly customized the Swagger UI to use it over a BASIC authentication.
How to do it...
- We updated our
CustomBasicAuthenticationEntryPoint
class for this new version that allows the browser native BASIC-form to be prompted when the call is made from Swagger UI:public class CustomBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint ...
Get Spring MVC Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.