O'Reilly logo

Spring Security - Third Edition by Peter Mularien, Robert Winch, Mick Knutson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Authorizing the requests

As in the authentication process, Spring Security provides an o.s.s.web.access.intercept.FilterSecurityInterceptor servlet filter, which is responsible for coming up with a decision as to whether a particular request will be accepted or denied. At the point the filter is invoked, the principal has already been authenticated, so the system knows that a valid user has logged in; remember that we implemented the List<GrantedAuthority> getAuthorities() method, which returns a list of authorities for the principal, in Chapter 3, Custom Authentication. In general, the authorization process will use the information from this method (defined by the Authentication interface) to determine, for a particular request, whether ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required