Recall & Review
beginner
What is Role-based Access Control (RBAC)?
RBAC is a way to control who can do what in an application by assigning roles to users. Each role carries a set of permissions, and a user is allowed an action only if one of their roles grants it; a user with no matching role is denied by default.
beginner
How do you define roles in Spring Boot for RBAC?
Roles are plain strings such as 'ROLE_ADMIN' or 'ROLE_USER' attached to the authenticated user as GrantedAuthority objects (for example via User.builder().roles("ADMIN"), which stores ROLE_ADMIN). Spring Security compares these authorities against the rules you declare in the filter chain or on methods to decide whether a request is allowed.
intermediate
Which Spring Security annotation is used to restrict access to methods based on roles?
The @PreAuthorize annotation restricts access by evaluating a role condition before the method runs, for example @PreAuthorize("hasRole('ADMIN')"). It is only enforced when method security is enabled: add @EnableMethodSecurity (Spring Security 6 / Spring Boot 3) or @EnableGlobalMethodSecurity(prePostEnabled = true) (Spring Security 5) to a configuration class; without it the annotation is silently ignored.
intermediate
What is the difference between 'hasRole' and 'hasAuthority' in Spring Security?
'hasRole' prepends the 'ROLE_' prefix before comparing, so hasRole('ADMIN') is equivalent to hasAuthority('ROLE_ADMIN'); 'hasAuthority' compares the exact string you pass, which makes it the right choice for fine-grained permissions such as 'report:read'. Do not pass the prefix yourself: since Spring Security 6, hasRole('ROLE_ADMIN') throws an IllegalArgumentException. The prefix is configurable through a GrantedAuthorityDefaults bean.
intermediate
How can you configure role-based access control in Spring Security's HttpSecurity?
You declare URL patterns and the roles allowed to reach them inside authorizeHttpRequests, for example .requestMatchers("/admin/**").hasRole("ADMIN"). (The older .antMatchers(...) form was removed in Spring Security 6 / Spring Boot 3.) Rules are evaluated in order and the first match wins, so list specific paths before broad ones and finish with .anyRequest().authenticated() or .denyAll() so that unlisted URLs are not left open.
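The three flashcards above (URL rules in HttpSecurity, hasRole versus hasAuthority, and @PreAuthorize with method security enabled) combined into one configuration, as an added example that is not part of the original page. It assumes Spring Boot 3.x with spring-boot-starter-web and spring-boot-starter-security; the package, user names, passwords, endpoints and the 'report:read' permission string are constructed for illustration.

```java
// Added example, not from the original page. Assumes Spring Boot 3.x (Spring Security 6).
// Package, user names, endpoints and the 'report:read' authority are illustrative.
package com.example.rbac;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableMethodSecurity // without this, @PreAuthorize below is never evaluated
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                // requestMatchers() replaces the removed antMatchers(). First match wins,
                // so specific paths go first and a catch-all rule closes the list.
                .requestMatchers("/admin/**").hasRole("ADMIN")              // needs authority ROLE_ADMIN
                .requestMatchers("/reports/**").hasAuthority("report:read") // exact string, no prefix added
                .requestMatchers("/health").permitAll()
                .anyRequest().authenticated())                               // deny-by-default for the rest
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    // Constructed sample users. roles("ADMIN") stores ROLE_ADMIN;
    // authorities(...) stores the strings exactly as written.
    @Bean
    UserDetailsService users(PasswordEncoder encoder) {
        var admin = User.withUsername("alice")
                .password(encoder.encode("admin-pass"))
                .roles("ADMIN", "USER")
                .build();
        var auditor = User.withUsername("bob")
                .password(encoder.encode("auditor-pass"))
                .authorities("ROLE_USER", "report:read") // same as roles("USER") plus one permission
                .build();
        return new InMemoryUserDetailsManager(admin, auditor);
    }
}

@RestController
class AdminController {

    // Protected twice: by the /admin/** URL rule and by method security. The annotation
    // keeps protecting the method even if the controller is later remapped to another path.
    @GetMapping("/admin/stats")
    @PreAuthorize("hasRole('ADMIN')")
    String stats() {
        return "admin-only statistics";
    }

    // Fine-grained permission: hasAuthority() compares the exact authority string.
    @GetMapping("/reports/{id}")
    @PreAuthorize("hasAuthority('report:read')")
    String report(@PathVariable String id) {
        return "report " + id;
    }
}
```

With these users, alice can reach /admin/stats but not /reports/42 (she has no 'report:read' authority), bob can reach /reports/42 but not /admin/stats, and an anonymous client gets a 401 challenge for both. Keeping both the URL rule and the annotation is deliberate: the URL rule fails closed for paths you forget to annotate, and the annotation fails closed if a path pattern is changed or a second filter chain is added later.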
In Spring Security, what prefix is automatically added when using hasRole('ADMIN')?
Spring Security automatically adds the prefix 'ROLE_' when you use hasRole, so hasRole('ADMIN') checks for the authority 'ROLE_ADMIN'.
Which annotation restricts method access based on roles in Spring Boot?
@PreAuthorize lets you specify role-based access rules on methods; it takes effect only when method security is enabled with @EnableMethodSecurity.
What does RBAC stand for?
RBAC means Role-based Access Control, a way to manage permissions by roles.
How do you specify that only users with ADMIN role can access '/admin/**' URLs in Spring Security?
Using .requestMatchers("/admin/**").hasRole("ADMIN") inside authorizeHttpRequests restricts those URLs to users holding ROLE_ADMIN. In Spring Security 5 the same rule was written with .antMatchers(...), which no longer exists in Spring Security 6.
Which of these is NOT a typical role name in Spring Security?
Spring Security does not reserve any role names; by convention they are short, upper-case names with the ROLE_ prefix, such as ROLE_ADMIN or ROLE_USER. A longer name like ROLE_GUEST_USER is legal but atypical, and names containing spaces or lowercase letters are not idiomatic.
Explain how role-based access control works in a Spring Boot application.
Think about how you decide who can enter a room based on their badge.
Describe how to restrict access to a REST endpoint to only users with the ADMIN role using Spring Security.
Consider both configuration and annotation ways.