Spring Bootframework~30 mins

Role-based access control in Spring Boot - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Role-based access control

📖 Scenario: You are building a simple Spring Boot web application that restricts access to certain pages based on user roles. For example, only users with the ADMIN role can access the admin page.

🎯 Goal: Create a Spring Boot controller with role-based access control using annotations. You will define user roles, configure access rules, and secure endpoints so only authorized roles can access them.

📋 What You'll Learn

Create a controller class named DashboardController

Define two endpoints: /user and /admin

Allow access to /user for users with role USER

Allow access to /admin for users with role ADMIN

Use Spring Security annotations to enforce role-based access control

💡 Why This Matters

🌍 Real World

Role-based access control is essential in web apps to protect sensitive pages and data by allowing only authorized users to access them.

💼 Career

Understanding how to implement role-based security in Spring Boot is a key skill for backend developers working on secure enterprise applications.

Progress0 / 4 steps

Create the controller class with user endpoint

Create a Spring Boot controller class named DashboardController. Inside it, create a method userDashboard mapped to /user that returns the string User Dashboard.

Spring Boot

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class DashboardController {
    // Your code here
}

Need a hint?

Use @RestController on the class and @GetMapping("/user") on the method.

Add admin endpoint to the controller

In the DashboardController class, add a method adminDashboard mapped to /admin that returns the string Admin Dashboard.

Spring Boot

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class DashboardController {
    @GetMapping("/user")
    public String userDashboard() {
        return "User Dashboard";
    }

    // Your code here
}

Need a hint?

Add a new method with @GetMapping("/admin") that returns Admin Dashboard.

Add role-based access control annotations

Add Spring Security annotations to restrict access: annotate userDashboard with @PreAuthorize("hasRole('USER')") and adminDashboard with @PreAuthorize("hasRole('ADMIN')"). Import org.springframework.security.access.prepost.PreAuthorize.

Spring Boot

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.security.access.prepost.PreAuthorize;

@RestController
public class DashboardController {
    @GetMapping("/user")
    // Add @PreAuthorize for USER role
    public String userDashboard() {
        return "User Dashboard";
    }

    @GetMapping("/admin")
    // Add @PreAuthorize for ADMIN role
    public String adminDashboard() {
        return "Admin Dashboard";
    }
}

Need a hint?

Use @PreAuthorize above each method to specify the required role.

Enable method security in the application

In your Spring Boot application main class, add the annotation @EnableMethodSecurity to enable method-level security. Import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity.

Spring Boot

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;

@SpringBootApplication
// Add @EnableMethodSecurity here
public class DemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
}

Need a hint?

Add @EnableMethodSecurity above your main application class to activate method security.