7.1 Restricting access based on authorities and roles

7.1.1 Restricting access for all endpoints based on user authorities

  1. @Configuration
  2. public class ProjectConfig extends WebSecurityConfigurerAdapter {
  3.     @Bean
  4.     public UserDetailsService userDetailsService() {
  5.         InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
  6.         UserDetails user1 = User.withUsername("john")
  7.                 .password("12345")
  8.                 .authorities("READ")
  9.                 .build();
  10.         UserDetails user2 = User.withUsername("jane")
  11.                 .password("12345")
  12.                 .authorities("WRITE")
  13.                 .build();
  14.         manager.createUser(user1);
  15.         manager.createUser(user2);
  17.         return manager;
  18.     }
  20.     @Bean
  21.     public PasswordEncoder passwordEncoder() {
  22.         return NoOpPasswordEncoder.getInstance();
  23.     }
  25.     @Override
  26.     protected void configure(HttpSecurity http) throws Exception {
  27.         http.httpBasic();
  29.         http.authorizeRequests()
  30.                 .anyRequest()
  31.                 .hasAnyAuthority("WRITE", "READ");
  32.     }
  33. }
  1. @Override
  2.     protected void configure(HttpSecurity http) throws Exception {
  3.         http.httpBasic();
  5.         http.authorizeRequests()
  6.                 .anyRequest()
  7. //                .hasAnyAuthority("WRITE", "READ");
  8.                 .access("hasAuthority('WRITE')");
  9.     }

7.1.2 Restricting access for all endpoints based on user roles

  1. @Bean
  2.     public UserDetailsService userDetailsService() {
  3.         InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
  4.         UserDetails user1 = User.withUsername("john")
  5.                 .password("12345")
  6.                 .authorities("ROLE_ADMIN")
  7.                 .build();
  8.         UserDetails user2 = User.withUsername("jane")
  9.                 .password("12345")
  10.                 .authorities("ROLE_MANAGER")
  11.                 .build();
  12.         manager.createUser(user1);
  13.         manager.createUser(user2);
  15.         return manager;
  16.     }
  18. @Override
  19.     protected void configure(HttpSecurity http) throws Exception {
  20.         http.httpBasic();
  22.         http.authorizeRequests()
  23.                 .anyRequest()
  24.                 .hasRole("ADMIN");
  25.     }
  1. @Bean
  2.     public UserDetailsService userDetailsService() {
  3.         InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
  4.         UserDetails user1 = User.withUsername("john")
  5.                 .password("12345")
  6. //                .authorities("ROLE_ADMIN")
  7.                 .roles("ADMIN")
  8.                 .build();
  9.         UserDetails user2 = User.withUsername("jane")
  10.                 .password("12345")
  11. //                .authorities("ROLE_MANAGER")
  12.                 .roles("MANAGER")
  13.                 .build();
  14.         manager.createUser(user1);
  15.         manager.createUser(user2);
  17.         return manager;
  18.     }