Skip to content

Authorization

Jump to bottom
mangeshdase edited this page Oct 27, 2021 · 1 revision

Description

Authorization is the process of checking privileges for a user to access specific modules in an application. Simply it is the process of determining whether a user has access to a resource after authentication based on their identity and check the user has sufficient rights to access the requested resources. Resources can be web page, CRUD operations, media files, Compressed file, etc. In this project we done authorization on role base.

In other words we can say authorize our application. For that we need first do the Authentication and after that we do authorization.

First we need to associate a role with the user and add the role field in user entity. And after that Configure access rights in Configuration file in this project we add in SecurityConfiguration.java file in rest.config package.

Code Snippet

public final class AuthoritiesConstants {

public static final String ADMIN = "ROLE_ADMIN";

public static final String USER = "ROLE_USER";

public static final String ANONYMOUS = "ROLE_ANONYMOUS";

private AuthoritiesConstants() {}
}

Configuration File:

  public void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http
        .csrf()
        .disable()
        .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
        .exceptionHandling()
            .authenticationEntryPoint(problemSupport)
            .accessDeniedHandler(problemSupport)
    .and()
        .headers()
        .contentSecurityPolicy(jHipsterProperties.getSecurity().getContentSecurityPolicy())
    .and()
        .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
    .and()
        .featurePolicy("geolocation 'none'; midi 'none'; sync-xhr 'none'; 
 microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; 
 fullscreen 'self'; payment 'none'")
    .and()
        .frameOptions()
        .deny()
    .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
        .authorizeRequests()
        .antMatchers("/api/authenticate").permitAll()
        .antMatchers("/api/register").permitAll()
        .antMatchers("/api/activate").permitAll()
        .antMatchers("/api/account/reset-password/init").permitAll()
        .antMatchers("/api/account/reset-password/finish").permitAll()            
   .antMatchers("/api/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/api/**").authenticated()
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/health/**").permitAll()
        .antMatchers("/management/info").permitAll()
        .antMatchers("/management/prometheus").permitAll()
  .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
    .and()
        .httpBasic()
    .and()
        .apply(securityConfigurerAdapter());
    // @formatter:on
}

Home

Clean Architecture Layers(Design constructs)

Hexagonal Hybrid Architecture

Flow of Control

[Module/Features]

Http Gateway Layer

Caching Mechanism

Automated Testing

Code Quality Check

Clone this wiki locally