You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14 lines
1.2 KiB
14 lines
1.2 KiB
[[servlet-authorization]] |
|
= Authorization |
|
:page-section-summary-toc: 1 |
|
|
|
Having established xref:servlet/authentication/index.adoc[how users will authenticate], you also need to configure your application's authorization rules. |
|
|
|
The advanced authorization capabilities within Spring Security represent one of the most compelling reasons for its popularity. |
|
Irrespective of how you choose to authenticate (whether using a Spring Security-provided mechanism and provider or integrating with a container or other non-Spring Security authentication authority), the authorization services can be used within your application in a consistent and simple way. |
|
|
|
You should consider attaching authorization rules to xref:servlet/authorization/authorize-http-requests.adoc[request URIs] and xref:servlet/authorization/method-security.adoc[methods] to begin. |
|
In either case, you can listen and react to xref:servlet/authorization/events.adoc[authorization events] that each authorization check publishes. |
|
Below there is also wealth of detail about xref:servlet/authorization/architecture.adoc[how Spring Security authorization works] and how, having established a basic model, it can be fine-tuned. |
|
|
|
|
|
|