Authorizing on services and controllers

In this recipe, we restrict the access to services and controllers depending upon the authorities that are granted to users.

Getting ready

We are going to install interceptors on specific URL paths and method-invocations, which will trigger a predefined authorization workflow: the AbstractSecurityInterceptor workflow.

In order for us to test these services' restrictions, we also slightly customized the Swagger UI to use it over a BASIC authentication.

How to do it...

We updated our CustomBasicAuthenticationEntryPoint class for this new version that allows the browser native BASIC-form to be prompted when the call is made from Swagger UI:
```
public class CustomBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint ...
```

Get Spring MVC: Designing Real-World Web Applications now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Spring MVC: Designing Real-World Web Applications by Shameer Kunjumohamed, Hamidreza Sattari, Alex Bretet, Geoffroy Warin

Authorizing on services and controllers

Getting ready

How to do it...

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly