@ -255,7 +255,7 @@ By default, `NimbusReactiveJwtDecoder`, and hence Resource Server, will only tru
@@ -255,7 +255,7 @@ By default, `NimbusReactiveJwtDecoder`, and hence Resource Server, will only tru
You can customize this via <<webflux-oauth2resourceserver-jwt-boot-algorithm,Spring Boot>> or <<webflux-oauth2resourceserver-jwt-decoder-builder,the NimbusJwtDecoder builder>>.
@ -159,7 +159,7 @@ All of this can be quite daunting, especially when this isn't the focus of your
@@ -159,7 +159,7 @@ All of this can be quite daunting, especially when this isn't the focus of your
Fortunately, there are a number of simple ways that you can overcome this difficulty and allow your tests to focus on authorization and not on representing bearer tokens.
We'll look at two of them now:
===== `mockJwt() WebTestClientConfigurer`
==== `mockJwt() WebTestClientConfigurer`
The first way is via a `WebTestClientConfigurer`.
The simplest of these would look something like this:
There are various database schema used by the framework and this appendix provides a single reference point to them all.
You only need to provide the tables for the areas of functionality you require.
@ -7,7 +7,7 @@ DDL statements are given for the HSQLDB database.
@@ -7,7 +7,7 @@ DDL statements are given for the HSQLDB database.
You can use these as a guideline for defining the schema for the database you are using.
=== User Schema
== User Schema
The standard JDBC implementation of the `UserDetailsService` (`JdbcDaoImpl`) requires tables to load the password, account status (enabled or disabled) and a list of authorities (roles) for the user.
You will need to adjust this schema to match the database dialect you are using.
Spring Security 2.0 introduced support for group authorities in `JdbcDaoImpl`.
The table structure if groups are enabled is as follows.
You will need to adjust this schema to match the database dialect you are using.
@ -77,7 +77,7 @@ Remember that these tables are only required if you are using the provided JDBC
@@ -77,7 +77,7 @@ Remember that these tables are only required if you are using the provided JDBC
If you write your own or choose to implement `AuthenticationProvider` without a `UserDetailsService`, then you have complete freedom over how you store the data, as long as the interface contract is satisfied.
=== Persistent Login (Remember-Me) Schema
== Persistent Login (Remember-Me) Schema
This table is used to store data used by the more secure <<remember-me-persistent-token,persistent token>> remember-me implementation.
If you are using `JdbcTokenRepositoryImpl` either directly or through the namespace, then you will need this table.
Remember to adjust this schema to match the database dialect you are using.
There are four tables used by the Spring Security <<domain-acls,ACL>> implementation.
. `acl_sid` stores the security identities recognised by the ACL system.
@ -113,7 +113,7 @@ Both of these default to `call identity()`
@@ -113,7 +113,7 @@ Both of these default to `call identity()`
The ACL artifact JAR contains files for creating the ACL schema in HyperSQL (HSQLDB), PostgreSQL, MySQL/MariaDB, Microsoft SQL Server, and Oracle Database.
These schemas are also demonstrated in the following sections.
==== HyperSQL
=== HyperSQL
The default schema works with the embedded HSQLDB database that is used in unit tests within the framework.
@ -209,7 +209,7 @@ You will have to set the `classIdentityQuery` and `sidIdentityQuery` properties
@@ -209,7 +209,7 @@ You will have to set the `classIdentityQuery` and `sidIdentityQuery` properties
@ -134,17 +134,17 @@ The prefix "ROLE_" is a marker which indicates that a simple comparison with the
@@ -134,17 +134,17 @@ The prefix "ROLE_" is a marker which indicates that a simple comparison with the
In other words, a normal role-based check should be used.
Access-control in Spring Security is not limited to the use of simple roles (hence the use of the prefix to differentiate between different types of security attributes).
We'll see later how the interpretation can vary footnote:[The interpretation of the comma-separated values in the `access` attribute depends on the implementation of the <<ns-access-manager,AccessDecisionManager>> which is used.].
In Spring Security 3.0, the attribute can also be populated with an pass:specialcharacters,macros[<<el-access,EL expression>>].
In Spring Security 3.0, the attribute can also be populated with an <<el-access,EL expression>>.
[NOTE]
===
====
You can use multiple `<intercept-url>` elements to define different access requirements for different sets of URLs, but they will be evaluated in the order listed and the first match will be used.
So you must put the most specific matches at the top.
You can also add a `method` attribute to limit the match to a particular HTTP method (`GET`, `POST`, `PUT` etc.).
===
====
To add some users, you can define a set of test data directly in the namespace:
Rob Winch
6 years ago