Basic role-based authorization

We can expand on the Spring Security configuration from Hello Spring Security to vary the access controls by URL. In this section, you will find a configuration that allows more granular control over how resources can be accessed. In the configuration, Spring Security does the following tasks:

  • It completely ignores any request that starts with /resources/. This is beneficial since our images, CSS, and JavaScript do not need to use Spring Security.
  • It allows anonymous users to access the Welcome, Login, and Logout pages.
  • It only allows administrators access to the All Events page.
  • It adds an administrator that can access the All Events page.

Take a look at the following code snippet:

 //src/main/java/com/packtpub/springsecurity/configuration/ ...
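
A configuration of the kind the four points above describe, as an added example that is not the book's own listing. It assumes the Spring Security 4.x/5.x `WebSecurityConfigurerAdapter` API; the class name, URL patterns, user name and password are hypothetical placeholders, and the closing `anyRequest().authenticated()` rule is an assumption beyond the four points.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class ExampleSecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical class name

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Point 1: requests under /resources/ skip the Spring Security filter chain
    // entirely, so no authentication or authorization is applied to them.
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/resources/**");
    }

    // Rules are evaluated in declaration order and the first match wins,
    // so specific patterns come before the catch-all.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/").permitAll()              // point 2: Welcome page (assumed URL)
                .antMatchers("/events/").hasRole("ADMIN")  // point 3: All Events page (assumed URL)
                .anyRequest().authenticated()              // assumption: not one of the four points
            .and().formLogin().permitAll()                 // point 2: Login page open to anonymous users
            .and().logout().permitAll();                   // point 2: Logout page open to anonymous users
    }

    // Point 4: an in-memory administrator. roles("ADMIN") grants ROLE_ADMIN,
    // which is the authority hasRole("ADMIN") checks for.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = passwordEncoder();
        auth.inMemoryAuthentication().passwordEncoder(encoder)
            .withUser("admin-placeholder")                 // constructed sample credentials
            .password(encoder.encode("change-me")).roles("ADMIN");
    }
}
```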
