Spring Boot framework, ~30 mins

Why authorization matters in Spring Boot - See It in Action

Why authorization matters
📖 Scenario: You are building a simple Spring Boot web application that has two types of users: regular users and admins. You want to make sure that only admins can access the admin page, while regular users can only access the user page.
🎯 Goal: Create a Spring Boot project that sets up basic authorization rules to protect the admin page so only users with the role ADMIN can access it, while users with the role USER can access the user page.
📋 What You'll Learn
Create a simple user data structure with usernames and roles
Add a configuration variable to define the admin role name
Implement authorization logic to restrict access based on roles
Complete the Spring Security configuration to enforce these rules
💡 Why This Matters
🌍 Real World
Authorization is essential in web apps to protect sensitive pages and data. This project shows how to restrict access based on user roles.
💼 Career
Understanding authorization is key for backend developers working with Spring Boot to build secure applications.
1. DATA SETUP: Create user roles map
Create a Map<String, String> called userRoles with these exact entries: "alice" : "USER", "bob" : "ADMIN", "carol" : "USER".
Hint: Use Map.of() to create a small map with usernames as keys and roles as values.

2. CONFIGURATION: Define admin role constant
Add a String variable called ADMIN_ROLE and set it to "ADMIN".
Hint: Use a simple String variable to hold the admin role name for easy reuse.

3. CORE LOGIC: Check if user is admin
Write a method boolean isAdmin(String username) that returns true if the user's role in userRoles equals ADMIN_ROLE, otherwise false.
Hint: Use userRoles.get(username) to get the role and compare it with ADMIN_ROLE.

4. COMPLETION: Configure Spring Security to restrict access
In your Spring Security configuration, add authorization rules so that /admin/** URLs require hasRole("ADMIN") and /user/** URLs require hasRole("USER").
Hint: Use http.authorizeRequests() with antMatchers to set role-based access.
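
Added example (not part of the original tutorial): steps 1 to 4 assembled into one Spring Security configuration class, using the 5.x authorizeRequests/antMatchers DSL that the step 4 hint names. The class name SecurityConfig, the demo password, HTTP Basic login and the final denyAll() rule are assumptions made for this example.

```java
import java.util.Map;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    // Steps 1 and 2: the tutorial's user-to-role map and admin role constant.
    static final Map<String, String> userRoles =
            Map.of("alice", "USER", "bob", "ADMIN", "carol", "USER");
    static final String ADMIN_ROLE = "ADMIN";

    // Step 3: a lookup helper only; enforcement happens in filterChain below.
    static boolean isAdmin(String username) {
        return ADMIN_ROLE.equals(userRoles.get(username)); // false for unknown users
    }

    // Assumption: one constructed demo password for all users, for local testing only.
    @Bean
    UserDetailsService users() {
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        userRoles.forEach((name, role) -> manager.createUser(User.withUsername(name)
                .password(encoder.encode("demo-password"))
                .roles(role) // stored as authority ROLE_USER or ROLE_ADMIN
                .build()));
        return manager;
    }

    // Step 4 in the 5.x DSL from the hint; 6.x uses authorizeHttpRequests/requestMatchers.
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests(auth -> auth
                        .antMatchers("/admin/**").hasRole(ADMIN_ROLE) // needs ROLE_ADMIN
                        .antMatchers("/user/**").hasRole("USER")      // needs ROLE_USER
                        .anyRequest().denyAll())  // added here: deny unlisted paths
                .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

With these rules alice and carol receive 403 on /admin/**, and bob receives 403 on /user/** because he holds only ROLE_ADMIN and no role hierarchy is configured.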