In this recipe, we restrict the access to services and controllers depending upon the authorities that are granted to users.
We are going to install interceptors on specific URL paths and method-invocations, which will trigger a predefined authorization workflow: the AbstractSecurityInterceptor
workflow.
In order for us to test these services' restrictions, we also slightly customized the Swagger UI to use it over a BASIC authentication.
We updated our
CustomBasicAuthenticationEntryPoint
class for this new version that allows the browser native BASIC-form to be prompted when the call is made from Swagger UI:public class CustomBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint { @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { String referer = (String) request.getHeader("referer"); ...