Skip to content

Commit db8b632

Browse files
jzheauxjzheaux
committed
Merge branch '6.3.x' into 6.4.x
2 parents af87861 + 72554f7 commit db8b632

File tree

1 file changed

+12
-12
lines changed

1 file changed

+12
-12
lines changed

docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1048,8 +1048,8 @@ public class SecurityConfig {
10481048
http
10491049
.securityMatcher("/api/**") <1>
10501050
.authorizeHttpRequests(authorize -> authorize
1051-
.requestMatchers("/user/**").hasRole("USER") <2>
1052-
.requestMatchers("/admin/**").hasRole("ADMIN") <3>
1051+
.requestMatchers("/api/user/**").hasRole("USER") <2>
1052+
.requestMatchers("/api/admin/**").hasRole("ADMIN") <3>
10531053
.anyRequest().authenticated() <4>
10541054
)
10551055
.formLogin(withDefaults());
@@ -1071,8 +1071,8 @@ open class SecurityConfig {
10711071
http {
10721072
securityMatcher("/api/**") <1>
10731073
authorizeHttpRequests {
1074-
authorize("/user/**", hasRole("USER")) <2>
1075-
authorize("/admin/**", hasRole("ADMIN")) <3>
1074+
authorize("/api/user/**", hasRole("USER")) <2>
1075+
authorize("/api/admin/**", hasRole("ADMIN")) <3>
10761076
authorize(anyRequest, authenticated) <4>
10771077
}
10781078
}
@@ -1084,8 +1084,8 @@ open class SecurityConfig {
10841084
======
10851085

10861086
<1> Configure `HttpSecurity` to only be applied to URLs that start with `/api/`
1087-
<2> Allow access to URLs that start with `/user/` to users with the `USER` role
1088-
<3> Allow access to URLs that start with `/admin/` to users with the `ADMIN` role
1087+
<2> Allow access to URLs that start with `/api/user/` to users with the `USER` role
1088+
<3> Allow access to URLs that start with `/api/admin/` to users with the `ADMIN` role
10891089
<4> Any other request that doesn't match the rules above, will require authentication
10901090

10911091
The `securityMatcher(s)` and `requestMatcher(s)` methods will decide which `RequestMatcher` implementation fits best for your application: If {spring-framework-reference-url}web.html#spring-web[Spring MVC] is in the classpath, then javadoc:org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher[] will be used, otherwise, javadoc:org.springframework.security.web.util.matcher.AntPathRequestMatcher[] will be used.
@@ -1111,8 +1111,8 @@ public class SecurityConfig {
11111111
http
11121112
.securityMatcher(antMatcher("/api/**")) <2>
11131113
.authorizeHttpRequests(authorize -> authorize
1114-
.requestMatchers(antMatcher("/user/**")).hasRole("USER") <3>
1115-
.requestMatchers(regexMatcher("/admin/.*")).hasRole("ADMIN") <4>
1114+
.requestMatchers(antMatcher("/api/user/**")).hasRole("USER") <3>
1115+
.requestMatchers(regexMatcher("/api/admin/.*")).hasRole("ADMIN") <4>
11161116
.requestMatchers(new MyCustomRequestMatcher()).hasRole("SUPERVISOR") <5>
11171117
.anyRequest().authenticated()
11181118
)
@@ -1146,8 +1146,8 @@ open class SecurityConfig {
11461146
http {
11471147
securityMatcher(antMatcher("/api/**")) <2>
11481148
authorizeHttpRequests {
1149-
authorize(antMatcher("/user/**"), hasRole("USER")) <3>
1150-
authorize(regexMatcher("/admin/**"), hasRole("ADMIN")) <4>
1149+
authorize(antMatcher("/api/user/**"), hasRole("USER")) <3>
1150+
authorize(regexMatcher("/api/admin/**"), hasRole("ADMIN")) <4>
11511151
authorize(MyCustomRequestMatcher(), hasRole("SUPERVISOR")) <5>
11521152
authorize(anyRequest, authenticated)
11531153
}
@@ -1161,8 +1161,8 @@ open class SecurityConfig {
11611161

11621162
<1> Import the static factory methods from `AntPathRequestMatcher` and `RegexRequestMatcher` to create `RequestMatcher` instances.
11631163
<2> Configure `HttpSecurity` to only be applied to URLs that start with `/api/`, using `AntPathRequestMatcher`
1164-
<3> Allow access to URLs that start with `/user/` to users with the `USER` role, using `AntPathRequestMatcher`
1165-
<4> Allow access to URLs that start with `/admin/` to users with the `ADMIN` role, using `RegexRequestMatcher`
1164+
<3> Allow access to URLs that start with `/api/user/` to users with the `USER` role, using `AntPathRequestMatcher`
1165+
<4> Allow access to URLs that start with `/api/admin/` to users with the `ADMIN` role, using `RegexRequestMatcher`
11661166
<5> Allow access to URLs that match the `MyCustomRequestMatcher` to users with the `SUPERVISOR` role, using a custom `RequestMatcher`
11671167

11681168
== Further Reading

0 commit comments

Comments
 (0)