15 lines
1.2 KiB
Plaintext
15 lines
1.2 KiB
Plaintext
[[servlet-authorization]]
|
|
= Authorization
|
|
:page-section-summary-toc: 1
|
|
|
|
Having established xref:servlet/authentication/index.adoc[how users will authenticate], you also need to configure your application's authorization rules.
|
|
|
|
The advanced authorization capabilities within Spring Security represent one of the most compelling reasons for its popularity.
|
|
Irrespective of how you choose to authenticate (whether using a Spring Security-provided mechanism and provider or integrating with a container or other non-Spring Security authentication authority), the authorization services can be used within your application in a consistent and simple way.
|
|
|
|
You should consider attaching authorization rules to xref:servlet/authorization/authorize-http-requests.adoc[request URIs] and xref:servlet/authorization/method-security.adoc[methods] to begin.
|
|
In either case, you can listen and react to xref:servlet/authorization/events.adoc[authorization events] that each authorization check publishes.
|
|
Below there is also wealth of detail about xref:servlet/authorization/architecture.adoc[how Spring Security authorization works] and how, having established a basic model, it can be fine-tuned.
|
|
|
|
|