13 Custom Authorization

In this chapter, we will write some custom implementations for Spring Security’s key authorization APIs. Once we have done this, we will use our understanding of the custom implementations to understand how Spring Security’s authorization architecture works.

Throughout this chapter, we will cover the following topics:

Gaining an understanding of how authorization works
Writing a custom SecurityMetaDataSource backed by a database instead of requestMatchers() methods
Creating custom Spring Expression Language (SpEL) expressions
Implementing a custom PermissionEvaluator object that allows our permissions to be encapsulated
Declaring a custom AuthorizationManager

This chapter’s code in action link is here: https://packt.link/e630f ...

Get Spring Security - Fourth Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Spring Security - Fourth Edition by Badr Nasslahsen

13

Custom Authorization

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly