There is a program with three endpoints:
GET /get available to everyone.
POST /add available only to authenticated users.
PUT /update only available to authenticated users with the ROLE_MANAGER role.
Select the appropriate code snippet that strictly enforces such access rules.
Java
-
/**
 * Builds a filter chain whose authorization rules are keyed on path only, with a
 * default-deny fallback and HTTP Basic authentication.
 *
 * None of the matchers names an HttpMethod, so each rule applies to every HTTP
 * method sent to that path. CSRF settings are not touched here and stay at the
 * framework default.
 */
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http
        .authorizeHttpRequests(matcherRegistry -> matcherRegistry
            // Path-only matcher: permitAll covers all verbs on /get, not just GET.
            .requestMatchers("/get").permitAll()
            // Path-only matcher: any verb on /add needs an authenticated caller.
            .requestMatchers("/add").authenticated()
            // hasAuthority compares the literal string, so the caller must hold "ROLE_MANAGER".
            .requestMatchers("/update").hasAuthority("ROLE_MANAGER")
            // Everything that matched no rule above is rejected.
            .anyRequest().denyAll()
        )
        // HTTP Basic with default settings.
        .httpBasic(Customizer.withDefaults())
        .build();
}
-
/**
 * Builds a filter chain with one authorization rule per (HTTP method, path) pair,
 * a default-deny fallback and HTTP Basic authentication.
 *
 * Because every matcher names its HttpMethod, a request to one of these paths with
 * any other verb matches no rule and falls through to denyAll. CSRF settings are not
 * touched here and stay at the framework default.
 */
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http
        .authorizeHttpRequests(matcherRegistry -> matcherRegistry
            // Only GET /get is open to everyone.
            .requestMatchers(HttpMethod.GET, "/get").permitAll()
            // Only POST /add is allowed, and only for authenticated callers.
            .requestMatchers(HttpMethod.POST, "/add").authenticated()
            // hasAuthority compares the literal string, so the caller must hold "ROLE_MANAGER".
            .requestMatchers(HttpMethod.PUT, "/update").hasAuthority("ROLE_MANAGER")
            // Other paths, and other verbs on the paths above, are rejected.
            .anyRequest().denyAll()
        )
        // HTTP Basic with default settings.
        .httpBasic(Customizer.withDefaults())
        .build();
}
-
/**
 * Builds a filter chain with one authorization rule per (HTTP method, path) pair,
 * a default-deny fallback and HTTP Basic authentication.
 *
 * Because every matcher names its HttpMethod, a request to one of these paths with
 * any other verb matches no rule and falls through to denyAll. CSRF settings are not
 * touched here and stay at the framework default.
 */
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http
        .authorizeHttpRequests(matcherRegistry -> matcherRegistry
            // Only GET /get is open to everyone.
            .requestMatchers(HttpMethod.GET, "/get").permitAll()
            // Only POST /add is allowed, and only for authenticated callers.
            .requestMatchers(HttpMethod.POST, "/add").authenticated()
            // hasAuthority compares the literal string: this checks for an authority spelled
            // exactly "MANAGER", which a caller holding only "ROLE_MANAGER" does not satisfy.
            .requestMatchers(HttpMethod.PUT, "/update").hasAuthority("MANAGER")
            // Other paths, and other verbs on the paths above, are rejected.
            .anyRequest().denyAll()
        )
        // HTTP Basic with default settings.
        .httpBasic(Customizer.withDefaults())
        .build();
}
-
/**
 * Builds a filter chain whose authorization rules are keyed on path only, with a
 * default-deny fallback and HTTP Basic authentication.
 *
 * None of the matchers names an HttpMethod, so each rule applies to every HTTP
 * method sent to that path. CSRF settings are not touched here and stay at the
 * framework default.
 */
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http
        .authorizeHttpRequests(matcherRegistry -> matcherRegistry
            // Path-only matcher: permitAll covers all verbs on /get, not just GET.
            .requestMatchers("/get").permitAll()
            // Path-only matcher: any verb on /add needs an authenticated caller.
            .requestMatchers("/add").authenticated()
            // hasRole prepends the role prefix ("ROLE_" unless reconfigured elsewhere),
            // so this checks for the authority "ROLE_MANAGER".
            .requestMatchers("/update").hasRole("MANAGER")
            // Everything that matched no rule above is rejected.
            .anyRequest().denyAll()
        )
        // HTTP Basic with default settings.
        .httpBasic(Customizer.withDefaults())
        .build();
}
Kotlin
-
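/**
 * Builds a filter chain whose authorization rules are keyed on path only, with a
 * default-deny fallback and HTTP Basic authentication.
 *
 * None of the matchers names an [HttpMethod], so each rule applies to every HTTP
 * method sent to that path. CSRF settings are not touched here and stay at the
 * framework default.
 *
 * @param http the security builder supplied by Spring
 * @return the configured [SecurityFilterChain]
 */
@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain = http
    .authorizeHttpRequests { matcherRegistry ->
        matcherRegistry
            // Path-only matcher: permitAll covers all verbs on /get, not just GET.
            .requestMatchers("/get").permitAll()
            // Path-only matcher: any verb on /add needs an authenticated caller.
            .requestMatchers("/add").authenticated()
            // hasAuthority compares the literal string, so the caller must hold "ROLE_MANAGER".
            .requestMatchers("/update").hasAuthority("ROLE_MANAGER")
            // Everything that matched no rule above is rejected.
            .anyRequest().denyAll()
    }
    // HTTP Basic with default settings.
    .httpBasic(Customizer.withDefaults())
    .build()
-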
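/**
 * Builds a filter chain with one authorization rule per (HTTP method, path) pair,
 * a default-deny fallback and HTTP Basic authentication.
 *
 * Because every matcher names its [HttpMethod], a request to one of these paths with
 * any other verb matches no rule and falls through to denyAll. CSRF settings are not
 * touched here and stay at the framework default.
 *
 * @param http the security builder supplied by Spring
 * @return the configured [SecurityFilterChain]
 */
@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain = http
    .authorizeHttpRequests { matcherRegistry ->
        matcherRegistry
            // Only GET /get is open to everyone.
            .requestMatchers(HttpMethod.GET, "/get").permitAll()
            // Only POST /add is allowed, and only for authenticated callers.
            .requestMatchers(HttpMethod.POST, "/add").authenticated()
            // hasAuthority compares the literal string, so the caller must hold "ROLE_MANAGER".
            .requestMatchers(HttpMethod.PUT, "/update").hasAuthority("ROLE_MANAGER")
            // Other paths, and other verbs on the paths above, are rejected.
            .anyRequest().denyAll()
    }
    // HTTP Basic with default settings.
    .httpBasic(Customizer.withDefaults())
    .build()
-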
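/**
 * Builds a filter chain with one authorization rule per (HTTP method, path) pair,
 * a default-deny fallback and HTTP Basic authentication.
 *
 * Because every matcher names its [HttpMethod], a request to one of these paths with
 * any other verb matches no rule and falls through to denyAll. CSRF settings are not
 * touched here and stay at the framework default.
 *
 * @param http the security builder supplied by Spring
 * @return the configured [SecurityFilterChain]
 */
@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain = http
    .authorizeHttpRequests { matcherRegistry ->
        matcherRegistry
            // Only GET /get is open to everyone.
            .requestMatchers(HttpMethod.GET, "/get").permitAll()
            // Only POST /add is allowed, and only for authenticated callers.
            .requestMatchers(HttpMethod.POST, "/add").authenticated()
            // hasAuthority compares the literal string: this checks for an authority spelled
            // exactly "MANAGER", which a caller holding only "ROLE_MANAGER" does not satisfy.
            .requestMatchers(HttpMethod.PUT, "/update").hasAuthority("MANAGER")
            // Other paths, and other verbs on the paths above, are rejected.
            .anyRequest().denyAll()
    }
    // HTTP Basic with default settings.
    .httpBasic(Customizer.withDefaults())
    .build()
-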
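/**
 * Builds a filter chain whose authorization rules are keyed on path only, with a
 * default-deny fallback and HTTP Basic authentication.
 *
 * None of the matchers names an [HttpMethod], so each rule applies to every HTTP
 * method sent to that path. CSRF settings are not touched here and stay at the
 * framework default.
 *
 * @param http the security builder supplied by Spring
 * @return the configured [SecurityFilterChain]
 */
@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain = http
    .authorizeHttpRequests { matcherRegistry ->
        matcherRegistry
            // Path-only matcher: permitAll covers all verbs on /get, not just GET.
            .requestMatchers("/get").permitAll()
            // Path-only matcher: any verb on /add needs an authenticated caller.
            .requestMatchers("/add").authenticated()
            // hasRole prepends the role prefix ("ROLE_" unless reconfigured elsewhere),
            // so this checks for the authority "ROLE_MANAGER".
            .requestMatchers("/update").hasRole("MANAGER")
            // Everything that matched no rule above is rejected.
            .anyRequest().denyAll()
    }
    // HTTP Basic with default settings.
    .httpBasic(Customizer.withDefaults())
    .build()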