From the course: Spring 6: Spring Security
Join today to access over 25,300 courses taught by industry experts.
Applying authorizations
From the course: Spring 6: Spring Security
Applying authorizations
- [Instructor] So at this point, we've only been enforcing login or authentication to secure our application, but we haven't put any authorizations in place on our pages. So let's change that for our simple web example. All right, so the first thing I want you to do is open up admin web, go to source, main, java. The config package underneath our base package and the web security config. So in here, we're going to add a couple new request matchers. So the first one that we're going to do is at /customers/**, so this will be anything beyond the /customers endpoint, inclusive of it. Here we want to do it where we have a role of user. Now, we're going to add another one. And this one is going to be at /orders. And we're going to do a has role of admin. So to get to our orders page, you've got to be an admin, otherwise a standard user can access it. But nonetheless, they all must be authenticated. So now we need to go and add another bean. And this bean is going to be of type…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
Introduction to project3m 31s
-
(Locked)
In-memory authentication6m 21s
-
(Locked)
JDBC authentication5m 54s
-
(Locked)
Leveraging bcrypt for hashing2m 45s
-
(Locked)
Applying authorizations7m 56s
-
(Locked)
Form-based authentication3m 25s
-
(Locked)
The login page3m 51s
-
(Locked)
Wiring it all together2m 46s
-
(Locked)
Finishing touches and testing1m 46s
-
-
-
-
-