Complete the code to specify the role required to access the endpoint.
@PreAuthorize("hasRole('[1]')")
@GetMapping("/admin")
public String adminEndpoint() {
    return "Admin content";
}
The @PreAuthorize annotation checks if the user has the specified role. Here, ADMIN is the required role to access this endpoint.
Complete the code to secure the endpoint so only users with the 'USER' role can access it.
@PreAuthorize("hasRole('[1]')")
@GetMapping("/profile")
public String userProfile() {
    return "User profile content";
}
The @PreAuthorize annotation restricts access to users with the USER role for this endpoint.
Fix the error in the annotation to correctly check if the user has the 'MANAGER' role.
@PreAuthorize("hasRole([1])")
@GetMapping("/manage")
public String manageEndpoint() {
    return "Manager content";
}
The hasRole function expects the role name as a string literal inside quotes. Using double quotes inside the annotation string is correct here.
Fill both blanks to secure the endpoint so only users with 'ADMIN' or 'MODERATOR' roles can access it.
@PreAuthorize("hasRole('[1]') or hasRole('[2]')")
@GetMapping("/dashboard")
public String dashboard() {
    return "Dashboard content";
}
The @PreAuthorize annotation uses the or operator to allow access if the user has either the ADMIN or MODERATOR role.
Fill all three blanks to secure the endpoint so only users with 'ADMIN' role and 'ACTIVE' status can access it using SpEL expressions.
@PreAuthorize("hasRole('[1]') and @userService.isActiveUser(authentication.name) == [2] and principal.enabled == [3]")
@GetMapping("/secure-data")
public String secureData() {
    return "Secure data content";
}
The @PreAuthorize annotation checks that the user has the ADMIN role, the user is active via a service method returning true, and the principal's enabled flag is true.