Sooner or later any business application will have some login/logout mechanism, and once it does there are different types of users: some are allowed to do certain things, others are not. This could be solved with a check in every controller action, but that is far too much overhead and mixes security code into business logic. This recipe shows a clean and fast (though somewhat limited) solution for creating such security checks without touching any of the business logic inside your controller.
You can find the source code of this example in the chapter2/annotation-rights directory.
Again we will start with a test that performs several security checks:
    import org.junit.Test;
    import play.mvc.Http.Response;
    import play.test.FunctionalTest;

    public class UserRightTest extends FunctionalTest {

        @Test
        public void testSecretsWork() {
            // log in as a user that holds the required right, then fetch the protected URL
            login("user", "user");
            Response response = GET("/secret");
            assertIsOk(response);
            assertContentEquals("This is secret", response);
        }

        @Test
        public void testSecretsAreNotFoundForUnknownUser...
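The mechanism the recipe describes, as an added illustration that is not the book's own code: a `@Right` annotation on an action and a Play 1.x `@Before` interceptor that reads it, so the action bodies contain no security code at all. It assumes login stores the user name under the session key "username", uses a constructed in-memory rights table instead of a user model, and answers 404 for a denied request so protected URLs are not distinguishable from missing ones (the test name above suggests the recipe does the same).

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.util.*;
import play.mvc.Before;
import play.mvc.Controller;

// Marks an action as requiring every listed right.
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@interface Right {
    String[] value();
}

public class Application extends Controller {
    // Constructed sample data; a real application would look rights up from its user model.
    private static final Map<String, Set<String>> RIGHTS = new HashMap<String, Set<String>>();
    static {
        RIGHTS.put("user", new HashSet<String>(Arrays.asList("secret")));
    }

    // Pure check, independent of Play: do the granted rights cover the
    // @Right annotation on this action? Unannotated actions stay public.
    public static boolean allowed(Method action, Set<String> granted) {
        Right required = action.getAnnotation(Right.class);
        return required == null
            || granted.containsAll(Arrays.asList(required.value()));
    }

    // Play 1.x interceptor: runs before every action of this controller, so the
    // actions below never see any security code. Assumes login put the user
    // name into the "username" session key; an unknown or absent user has no rights.
    @Before
    static void checkRights() {
        Set<String> granted = RIGHTS.get(session.get("username"));
        if (granted == null) {
            granted = Collections.emptySet();
        }
        if (!allowed(request.invokedMethod, granted)) {
            notFound(); // hide the existence of the protected action
        }
    }

    @Right("secret")
    public static void secret() {
        renderText("This is secret");
    }
}
```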