spring-security/docs/modules/ROOT/pages/servlet/authorization/index.adoc

[[servlet-authorization]]
= Authorization
:page-section-summary-toc: 1

Having established xref:servlet/authentication/index.adoc[how users will authenticate], you also need to configure your application's authorization rules.

The advanced authorization capabilities within Spring Security represent one of the most compelling reasons for its popularity.
Irrespective of how you choose to authenticate (whether using a Spring Security-provided mechanism and provider or integrating with a container or other non-Spring Security authentication authority), the authorization services can be used within your application in a consistent and simple way.

You should consider attaching authorization rules to xref:servlet/authorization/authorize-http-requests.adoc[request URIs] and xref:servlet/authorization/method-security.adoc[methods] to begin.
Below there is also wealth of detail about xref:servlet/authorization/architecture.adoc[how Spring Security authorization works] and how, having established a basic model, it can be fine-tuned.
Polish Authentication 2020-03-02 22:45:45 -06:00			`[[servlet-authorization]]`
Extract authorization subsections Issue: gh-2567 2018-03-06 11:12:49 -06:00			`= Authorization`
Docs Use Section Summary where appropriate Closes gh-10449 2021-10-28 14:02:33 -05:00			`:page-section-summary-toc: 1`

Revisit Request and Method Security Docs Issue gh-13088 2023-04-18 18:13:50 -06:00			`Having established xref:servlet/authentication/index.adoc[how users will authenticate], you also need to configure your application's authorization rules.`

Extract authorization subsections Issue: gh-2567 2018-03-06 11:12:49 -06:00			`The advanced authorization capabilities within Spring Security represent one of the most compelling reasons for its popularity.`
Editing pass I went through everything to get it to fit with Spring's docuemntation standard. Lots of small changes for punctuation, grammar, usage, voice, and so on. Also added some links, mostly to the API Javadoc. 2021-04-21 16:01:26 -05:00			`Irrespective of how you choose to authenticate (whether using a Spring Security-provided mechanism and provider or integrating with a container or other non-Spring Security authentication authority), the authorization services can be used within your application in a consistent and simple way.`
Extract authorization subsections Issue: gh-2567 2018-03-06 11:12:49 -06:00
Revisit Request and Method Security Docs Issue gh-13088 2023-04-18 18:13:50 -06:00			`You should consider attaching authorization rules to xref:servlet/authorization/authorize-http-requests.adoc[request URIs] and xref:servlet/authorization/method-security.adoc[methods] to begin.`
			`Below there is also wealth of detail about xref:servlet/authorization/architecture.adoc[how Spring Security authorization works] and how, having established a basic model, it can be fine-tuned.`
Extract authorization subsections Issue: gh-2567 2018-03-06 11:12:49 -06:00
Restructure Docs Issue gh-5935 2019-09-22 00:56:30 -06:00