Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Typo: Update authorize-http-requests.adoc 

'patters' -> 'pattern'
-----
'db' -> "db",
'ADMIN' -> "ADMIN"
They should be string type
-----
There is no semicolon. I added it.
-----
There is no semicolon at the end of the sentence. So I added
This commit is contained in:
Habin Song 2024-02-07 16:41:21 +09:00 committed by Marcus Hert Da Coregio
parent 7f58a275ae
commit fd1db06efd
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
View File

@ -258,7 +258,7 @@ void endpointWhenNotUserAuthorityThenForbidden() {
@Test @Test
void anyWhenUnauthenticatedThenUnauthorized() { void anyWhenUnauthenticatedThenUnauthorized() {
this.mvc.perform(get("/any")) this.mvc.perform(get("/any"))
.andExpect(status().isUnauthorized()) .andExpect(status().isUnauthorized());
} }
---- ----
====== ======
@ -387,7 +387,7 @@ void endpointWhenNotUserAuthorityThenForbidden() {
@Test @Test
void anyWhenUnauthenticatedThenUnauthorized() { void anyWhenUnauthenticatedThenUnauthorized() {
this.mvc.perform(get("/any")) this.mvc.perform(get("/any"))
.andExpect(status().isUnauthorized()) .andExpect(status().isUnauthorized());
} }
---- ----
====== ======
@ -521,7 +521,7 @@ void getWhenNoReadAuthorityThenForbidden() {
@Test @Test
void postWhenWriteAuthorityThenAuthorized() { void postWhenWriteAuthorityThenAuthorized() {
this.mvc.perform(post("/any").with(csrf())) this.mvc.perform(post("/any").with(csrf()))
.andExpect(status().isOk()) .andExpect(status().isOk());
} }
@WithMockUser(authorities="read") @WithMockUser(authorities="read")
@ -737,7 +737,7 @@ SecurityFilterChain web(HttpSecurity http) throws Exception {
.dispatcherTypeMatchers(FORWARD, ERROR).permitAll() // <2> .dispatcherTypeMatchers(FORWARD, ERROR).permitAll() // <2>
.requestMatchers("/static/**", "/signup", "/about").permitAll() // <3> .requestMatchers("/static/**", "/signup", "/about").permitAll() // <3>
.requestMatchers("/admin/**").hasRole("ADMIN") // <4> .requestMatchers("/admin/**").hasRole("ADMIN") // <4>
.requestMatchers("/db/**").access(allOf(hasAuthority('db'), hasRole('ADMIN'))) // <5> .requestMatchers("/db/**").access(allOf(hasAuthority("db"), hasRole("ADMIN"))) // <5>
.anyRequest().denyAll() // <6> .anyRequest().denyAll() // <6>
); );
@ -805,7 +805,7 @@ Xml::
</http> </http>
---- ----
====== ======
<1> We specified a URL patters that any user can access. <1> We specified a URL pattern that any user can access.
Specifically, any user can access a request if the URL starts with "/static/". Specifically, any user can access a request if the URL starts with "/static/".
<2> Any URL that starts with "/admin/" will be restricted to users who have the role "ROLE_ADMIN". <2> Any URL that starts with "/admin/" will be restricted to users who have the role "ROLE_ADMIN".
You will notice that since we are invoking the `hasRole` method we do not need to specify the "ROLE_" prefix. You will notice that since we are invoking the `hasRole` method we do not need to specify the "ROLE_" prefix.