Conditional Links Based on Authorization
Learn how to configure WebTestClient with hypermedia navigation and test that hypermedia.
The first rule in security is to not allow people to execute operations for which they lack the proper authority. We’ve just done that. Only users with ROLE_INVENTORY will be allowed to alter the system’s inventory.
The second rule in security, though arguably just as important as the first, is to not show a user anything that will cause them to run into the first rule. From a hypermedia perspective, don’t include links they can’t navigate.
To exercise this, let’s examine that findOne operation meant to show a hypermedia record and see if we can conditionalize some of its links:
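As an added illustration (not the course's own listing), here is one way a reactive Spring HATEOAS findOne handler could advertise a delete link only to callers holding ROLE_INVENTORY. ItemLinksController, Item, ItemStore, the /api/items path and the "delete" link relation are hypothetical names, and reactive method security is assumed to be enabled.

```java
import static org.springframework.hateoas.server.reactive.WebFluxLinkBuilder.linkTo;
import static org.springframework.hateoas.server.reactive.WebFluxLinkBuilder.methodOn;

import java.util.ArrayList;
import java.util.List;
import org.springframework.hateoas.EntityModel;
import org.springframework.hateoas.Link;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.web.bind.annotation.*;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

@RestController
class ItemLinksController { // hypothetical controller, not from the course

    record Item(String id, String name) {} // hypothetical domain type

    interface ItemStore { // hypothetical reactive repository
        Mono<Item> findById(String id);
        Mono<Void> deleteById(String id);
    }

    private static final SimpleGrantedAuthority INVENTORY =
        new SimpleGrantedAuthority("ROLE_INVENTORY");
    private final ItemStore store;

    ItemLinksController(ItemStore store) { this.store = store; }

    @GetMapping("/api/items/{id}")
    public Mono<EntityModel<Item>> findOne(@PathVariable String id, Authentication auth) {
        ItemLinksController controller = methodOn(ItemLinksController.class);
        List<Mono<Link>> links = new ArrayList<>();
        links.add(linkTo(controller.findOne(id, auth)).withSelfRel().toMono());
        // Advertise the state-changing link only to callers who could follow it.
        if (auth.getAuthorities().contains(INVENTORY)) {
            links.add(linkTo(controller.deleteItem(id)).withRel("delete").toMono());
        }
        return store.findById(id)
            .zipWith(Flux.concat(links).collectList())
            .map(tuple -> EntityModel.of(tuple.getT1(), tuple.getT2()));
    }

    // Hiding the link is presentation only: the endpoint still enforces the role.
    @PreAuthorize("hasRole('INVENTORY')")
    @DeleteMapping("/api/items/{id}")
    public Mono<Void> deleteItem(@PathVariable String id) {
        return store.deleteById(id);
    }
}
```

A client that omits ROLE_INVENTORY receives only the self link, and a hand-crafted DELETE request is still rejected by the method-level check.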