Computer scienceBackendSpring BootSpring Security

Authorization

Access control

Report a typo

Imagine that the security config enforces the following access rules:

Java

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http
            .authorizeHttpRequests(auth -> auth
                    .requestMatchers("/products").permitAll()
                    .requestMatchers("/home").anonymous()
                    .requestMatchers("/history").hasAuthority("ROLE_ADMIN")
                    .requestMatchers("/api/*").authenticated()
                    .requestMatchers("/api/orders").hasRole("USER")
                    .requestMatchers("/**").denyAll()
            )
            .httpBasic(Customizer.withDefaults())
            .build();
}

Kotlin

@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain =
    http
        .authorizeHttpRequests { auth -> auth
            .requestMatchers("/products").permitAll()
            .requestMatchers("/home").anonymous()
            .requestMatchers("/history").hasAuthority("ROLE_ADMIN")
            .requestMatchers("/api/*").authenticated()
            .requestMatchers("/api/orders").hasRole("USER")
            .requestMatchers("/**").denyAll()
        }
        .httpBasic(Customizer.withDefaults())
        .build()
}

Select all correct statements about accessing the protected endpoints.

Select one or more options from the list

/api/history can be accessed only by users with the ROLE_ADMIN role.

/api/orders can be accessed only by users with the ROLE_USER role.

/home can be accessed by unauthenticated users.

/products can be accessed by authenticated users.

___

Create a free account to access the full topic