Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-28 14:52:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '6.2.x'

Browse Source
This commit is contained in:
Marcus Hert Da Coregio 2024-02-07 10:51:38 -03:00
commit d4151ff4c9
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
View File

@ -258,7 +258,7 @@ void endpointWhenNotUserAuthorityThenForbidden() {
@Test @Test
void anyWhenUnauthenticatedThenUnauthorized() { void anyWhenUnauthenticatedThenUnauthorized() {
this.mvc.perform(get("/any")) this.mvc.perform(get("/any"))
.andExpect(status().isUnauthorized()) .andExpect(status().isUnauthorized());
} }
---- ----
====== ======
@ -387,7 +387,7 @@ void endpointWhenNotUserAuthorityThenForbidden() {
@Test @Test
void anyWhenUnauthenticatedThenUnauthorized() { void anyWhenUnauthenticatedThenUnauthorized() {
this.mvc.perform(get("/any")) this.mvc.perform(get("/any"))
.andExpect(status().isUnauthorized()) .andExpect(status().isUnauthorized());
} }
---- ----
====== ======
@ -521,7 +521,7 @@ void getWhenNoReadAuthorityThenForbidden() {
@Test @Test
void postWhenWriteAuthorityThenAuthorized() { void postWhenWriteAuthorityThenAuthorized() {
this.mvc.perform(post("/any").with(csrf())) this.mvc.perform(post("/any").with(csrf()))
.andExpect(status().isOk()) .andExpect(status().isOk());
} }
@WithMockUser(authorities="read") @WithMockUser(authorities="read")
@ -805,7 +805,7 @@ Xml::
</http> </http>
---- ----
====== ======
<1> We specified a URL patters that any user can access. <1> We specified a URL pattern that any user can access.
Specifically, any user can access a request if the URL starts with "/static/". Specifically, any user can access a request if the URL starts with "/static/".
<2> Any URL that starts with "/admin/" will be restricted to users who have the role "ROLE_ADMIN". <2> Any URL that starts with "/admin/" will be restricted to users who have the role "ROLE_ADMIN".
You will notice that since we are invoking the `hasRole` method we do not need to specify the "ROLE_" prefix. You will notice that since we are invoking the `hasRole` method we do not need to specify the "ROLE_" prefix.