Part 3. Configuring authorization


Once an application has established who you are (authentication), it must decide what you are allowed to do: authorization. Getting this step right matters, because a flawed authorization rule exposes user data and lets one user read or modify what belongs to another. In this part of the book, I walk you through the layers of authorization in Spring Security and show how to guard against the common web vulnerabilities that sit alongside it.

Chapter 7 takes a close look at restricting access, focusing on user authorities and roles, and shows how to apply a restriction to all of an application's endpoints at once.

Chapter 8 continues with more selective methods, such as requestMatchers(), for choosing which requests a given authorization rule applies to. It also introduces matching by regular expression for finer-grained control over paths.

Chapter 9 addresses cross-site request forgery (CSRF). Once you understand how Spring Security's CSRF protection works, you will be able to apply it correctly and customize it where the defaults do not fit.

Chapter 10 introduces cross-origin resource sharing (CORS), explains how it works, and guides you through applying CORS policies both with annotations and with CorsConfigurer.

Chapter 11 moves to method security, which ensures that individual methods in your application enforce authorization rules of their own rather than relying only on endpoint-level restrictions. This covers both pre- and postauthorization rules as well as more advanced permission settings for methods.