spring boot access authorization RESTful API

Overview

Set the permissions required to access a specific URL

environment

JDK 1.8.0_144 spring-boot 1.5.10 spring-security 4.2.4

Prerequisites

Obtain authority information in advance when logging in. (Because it's not there this time) This time it is assumed that you can already get ADMIN authority.

Where to implement

Implementation

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    //...
}

Annotate the existing (isn't it?) SecurityConfig class @EnableGlobalMethodSecurity(prePostEnabled = true) To add.

--Controller method

@PreAuthorize("hasAuthority('ADMIN')")
//Controller
public void sampleAuth() {
    //…
}

Annotation @PreAuthorize("hasAuthority('ADMIN')") If you add, this Controller method will only be accessible to users with "ADMIN" privileges.

Characteristics of @PreAuthorize

Expressions are available For example, if you only want to authorize requests from users with [ADMIN] and [MEMBER] privileges @PreAuthorize("hasAuthority('ADMIN OR hasAuthority('MEMBER')") You can use it. In addition to this, [AND] [OR] [NOT (!)] Etc. can be used.

Recommended Posts

spring boot access authorization RESTful API
Spring Boot: Restful API sample project
Implement REST API in Spring Boot
Spring Boot Form
Spring Boot Memorandum
gae + spring boot
◆ Get API created by Spring Boot from React
Create a web api server with spring boot
SPRING BOOT learning record 01
Spring Boot + Heroku Postgres
Automatically map DTOs to entities with Spring Boot API
Hello World (REST API) with Apache Camel + Spring Boot 2
Spring boot memo writing (1)
Access the built-in h2db of spring boot with jdbcTemplate
[Spring Boot] Get user information with Rest API (beginner)
First Spring Boot (DI)
SPRING BOOT learning record 02
Spring Boot exception handling
Spring Boot Servlet mapping
Spring boot development-development environment-
Spring Boot learning procedure
Customize REST API error response with Spring Boot (Part 2)
Learning Spring Boot [Beginning]
Spring boot memo writing (2)
Spring Boot 2.2 Document Summary
[Spring Boot] DataSourceProperties $ DataSourceBeanCreationException
Introduce swagger-ui to REST API implemented in Spring Boot
Spring Boot 2.3 Application Availability
Spring boot tutorials Topics
Customize REST API error response with Spring Boot (Part 1)
Download with Spring Boot
Handle Java 8 date and time API with Thymeleaf with Spring Boot
Implement REST API with Spring Boot and JPA (Application Layer)
Implement REST API with Spring Boot and JPA (Infrastructure layer)
Minimum configuration sample of RESTful API in Jersey + Spring Framework
Let's make a simple API with EC2 + RDS + Spring boot ①
How to call and use API in Java (Spring Boot)
Try hitting the zip code search API with Spring Boot
Implement REST API with Spring Boot and JPA (domain layer)
Implement a simple Rest API with Spring Security & JWT with Spring Boot 2.0
[Spring Boot] Environment construction (macOS)
Try Spring Boot from 0 to 100.
Generate barcode with Spring Boot
Hello World with Spring Boot
Spring Boot on Microsoft Azure
Implement GraphQL with Spring Boot
Spring Boot tutorial task schedule
Spring 5 & Spring Boot 2 Hands-on preparation procedure
Get started with Spring boot
Spring Boot 2 multi-project in Gradle
[Spring Boot] Web application creation
spring boot port duplication problem
Run LIFF with Spring Boot
SNS login with Spring Boot
Spring Boot Hot Swapping settings
Introduction to Spring Boot ① ~ DI ~
File upload with Spring Boot
Spring Boot starting with copy
Introduction to Spring Boot ② ~ AOP ~
CICS-Run Java application-(4) Spring Boot application
Spring Boot starting with Docker