Authorization answers the question "What are you allowed to do?" => by using Authorities & Roles
(Defines which Authorities & Roles are required to reach each Controller Endpoint)
Authorization can be:
● Role Based @Secured("ADMIN") (the value is matched literally against the user's authorities; since role authorities are conventionally stored as ROLE_<name>, the usual form is @Secured("ROLE_ADMIN"))
● Authorities Based @PreAuthorize("hasAuthority('book.create')") (the authority name is a SpEL string literal and must be single-quoted; unquoted book.create would be evaluated as a property access and fail)
● Custom Based @PreAuthorize("@authenticationService.authenticate(authentication)") (@beanName references a Spring bean by name; authentication is the built-in SpEL variable holding the current Authentication)
Custom Authorization is based on calling Custom Methods which must return boolean
● If the method returns true, the user is allowed to access the endpoint
● If the method returns false, the user is forbidden to access the endpoint (AccessDeniedException, rendered as HTTP 403)
You can combine Authorities and Custom Methods in one expression (SpEL and / or) to control access to endpoints.
Custom Authorization is usually combined with Custom Users, since they carry additional Custom Properties that can be
used to decide who may access an endpoint.
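The three styles above, plus a custom user with an extra property feeding a custom method, as one added example. This is not code from the original page; it assumes Spring Boot 3 / Spring Security 6, and the class names, bean name `bookAccess`, the `organization` property and the sample book table are illustrative.

```java
// Added example (not from the original page): a custom user principal with an extra
// property, an authorization bean whose boolean method drives @PreAuthorize, and a
// controller combining role, authority and custom checks.
// Assumes Spring Boot 3 / Spring Security 6; names below are illustrative.
package example.authz;

import java.util.Collection;
import java.util.Map;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.*;

// Turns on @PreAuthorize (default) and @Secured (securedEnabled) for controller/service methods.
@Configuration
@EnableMethodSecurity(securedEnabled = true)
class MethodSecurityConfig { }

// Custom user: Spring's User plus one custom property (the organization the user
// belongs to) that the custom authorization method can inspect.
class CustomUser extends User {
    private final String organization;

    CustomUser(String username, String password, String organization,
               Collection<? extends GrantedAuthority> authorities) {
        super(username, password, authorities);
        this.organization = organization;
    }

    String getOrganization() { return organization; }
}

// Bean referenced from SpEL as @bookAccess. Its method returns boolean:
// true -> the request proceeds, false -> AccessDeniedException (HTTP 403).
@Component("bookAccess")
class BookAccessEvaluator {
    // Constructed sample data: which organization owns each book id.
    private static final Map<Long, String> BOOK_OWNER = Map.of(1L, "acme", 2L, "globex");

    public boolean canRead(Authentication authentication, Long bookId) {
        // Fail closed: anonymous callers, non-custom principals and unknown books get false.
        if (authentication == null || !(authentication.getPrincipal() instanceof CustomUser user)) {
            return false;
        }
        String owner = BOOK_OWNER.get(bookId);
        return owner != null && owner.equals(user.getOrganization());
    }
}

@RestController
@RequestMapping("/books")
class BookController {

    // Role based: the caller must hold the ROLE_ADMIN authority.
    @Secured("ROLE_ADMIN")
    @DeleteMapping("/{id}")
    public void delete(@PathVariable Long id) { /* ... */ }

    // Authority based: the authority name is a quoted SpEL string literal.
    @PreAuthorize("hasAuthority('book.create')")
    @PostMapping
    public void create(@RequestBody String body) { /* ... */ }

    // Combined: authority AND custom method; #id binds the method parameter.
    @PreAuthorize("hasAuthority('book.read') and @bookAccess.canRead(authentication, #id)")
    @GetMapping("/{id}")
    public String read(@PathVariable Long id) { return "book " + id; }
}
```

The `#id` reference relies on parameter names being present at runtime, so the code must be compiled with `-parameters` (Spring Boot's build plugins set this by default). Keeping the decision inside `BookAccessEvaluator` means the same method can be unit-tested with a constructed `Authentication` without starting the web layer.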