You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21 lines
1.5 KiB
21 lines
1.5 KiB
[[servlet-authorization]] |
|
= Authorization |
|
:page-section-summary-toc: 1 |
|
|
|
Having established xref:servlet/authentication/index.adoc[how users will authenticate], you also need to configure your application's authorization rules. |
|
|
|
The advanced authorization capabilities within Spring Security represent one of the most compelling reasons for its popularity. |
|
Irrespective of how you choose to authenticate (whether using a Spring Security-provided mechanism and provider or integrating with a container or other non-Spring Security authentication authority), the authorization services can be used within your application in a consistent and simple way. |
|
|
|
You should consider attaching authorization rules to xref:servlet/authorization/authorize-http-requests.adoc[request URIs] and xref:servlet/authorization/method-security.adoc[methods] to begin. |
|
In either case, you can listen and react to xref:servlet/authorization/events.adoc[authorization events] that each authorization check publishes. |
|
Below there is also wealth of detail about xref:servlet/authorization/architecture.adoc[how Spring Security authorization works] and how, having established a basic model, it can be fine-tuned. |
|
|
|
[NOTE] |
|
==== |
|
As of Spring Security 7, the Access API (`AccessDecisionManager`, `AccessDecisionVoter`, etc.) are moved to a legacy module, `spring-security-access`. |
|
For new applications, there is no need to include the dependency. |
|
For older applications that have not yet migrated to the Authorization API, this module is available to assist your continued migration efforts. |
|
==== |
|
|
|
|
|
|