java - Setup custom auth and role in spring security -


i have extended websecurityconfigureradapter configure custom authentication , authorization. have introduced new api say, "/v1/api". requirement follows,

  1. this api supposed called entity role "api_role" , no 1 else
  2. also person "api_role" should not able call other api in system.

how configuration like?

@override protected void configure(httpsecurity http) throws exception {     http.authorizerequests().antmatchers("/v1/api**").hasauthority("role_api"); 

the above code achieves 1 purpose, how block person role hit other api?

you can use following java configuration.

@override protected void configure(httpsecurity http) throws exception {     http.authorizerequests().antmatchers("/v1/api**").hasauthority("role_api")         .and().authorizerequests()         .antmatchers("/**").not().hasauthority("role_api"); 

Comments