Book Image

Building a RESTful Web Service with Spring

By : Ludovic Dewailly
Book Image

Building a RESTful Web Service with Spring

By: Ludovic Dewailly

Overview of this book

Table of Contents (17 chapters)
Building a RESTful Web Service with Spring
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Index

Authorization


The corollary to authentication is authorization. These two concepts are often handled together, but they refer to two different requirements for securing web services. Authentication validates the identity of users, whereas authorization manages which operations users are entitled to perform. Authorization often relies on associating users with roles and controlling which user roles are allowed to perform specific operations.

Authorization with Spring

There are two approaches to manage authorization with Spring:

  • URL mapping

  • Resource annotations

The following sections provide illustrations of these two approaches.

URL mapping

Expanding on our previous example, we can modify SecurityConfig to declare fine-grain URL mappings as follows:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
    .antMatchers(HttpMethod.GET, "/bookings/**").hasRole("ADMIN...