In this recipe, we restrict the access to services and controllers depending upon the authorities that are granted to users.
We are going to install interceptors on specific URL paths and method-invocations, which will trigger a predefined authorization workflow: the
In order for us to test these services' restrictions, we also slightly customized the Swagger UI to use it over a BASIC authentication.
CustomBasicAuthenticationEntryPointclass for this new version that allows the browser native BASIC-form to be prompted when the call is made from Swagger UI:
public class CustomBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint ...