8 Configuring endpoint-level authorization: Applying restrictions

This chapter covers

  • Selecting requests to apply restrictions using matcher methods
  • Learning best-case scenarios for each matcher method

In chapter 7, you learned how to configure access based on authorities and roles. But we only applied the configurations for all endpoints. In this chapter, you’ll learn how to apply authorization constraints to a specific group of requests. In production applications, it’s less probable that you’ll apply the same rules for all requests. You have endpoints that can be called only by specific users, while other endpoints might be accessible to everyone. Depending on the business requirements, each application has its own custom authorization configuration. ...

Get Spring Security in Action, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.