Simple Spring Security basic authentication using method-level security
Test the public endpoint without any authentication:
curl http://localhost:8080/public
Response:
Hello Public!
Test the private endpoint without authentication:
curl http://localhost:8080/private
You receive the following response, which indicates you are not authorized to access the resource:
HTTP Status 401 - Full authentication is required to access this resource
Test the private endpoint with ROLE_USER account authentication:
curl -u user:password http://localhost:8080/private
Response:
Hello Private!
Test the private endpoint with ROLE_ADMIN account authentication:
curl -u admin:password http://localhost:8080/private
Response:
Hello Private!
Test the private endpoint with wrong user authentication:
curl -u user:wrongpassword http://localhost:8080/private
You receive the following response, which indicates you are not authorized to access the resource:
HTTP Status 401 - Bad credentials
Test the admin endpoint with ROLE_USER account authentication:
curl -u user:password http://localhost:8080/admin
Response:
{ "timestamp":1515542457567, "status":403, "error":"Forbidden", "exception":"org.springframework.security.access.AccessDeniedException", "message":"Dostęp zabroniony", "path":"/admin" }
Test the admin endpoint with ROLE_ADMIN account authentication:
curl -u admin:password http://localhost:8080/admin
Response:
Hello Admin!
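One way the 200/401/403 pattern above can be produced with method-level checks, as an added sketch that is not this project's own code. It assumes Spring Boot 3 with Spring Security 6; the package, class and method names are hypothetical, and the accounts mirror the curl calls.

```java
package demo; // added sketch: hypothetical package and class names; Spring Boot 3 / Spring Security 6 assumed
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@EnableMethodSecurity // activates @PreAuthorize on bean methods
public class MethodSecurityDemo {
    public static void main(String[] args) { SpringApplication.run(MethodSecurityDemo.class, args); }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // No URL rules: access is decided by the annotations; Basic auth still answers bad credentials with 401.
        http.authorizeHttpRequests(a -> a.anyRequest().permitAll())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
    @Bean
    UserDetailsService users() {
        PasswordEncoder enc = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        return new InMemoryUserDetailsManager( // demo accounts; roles("USER") becomes ROLE_USER
            User.withUsername("user").password(enc.encode("password")).roles("USER").build(),
            User.withUsername("admin").password(enc.encode("password")).roles("ADMIN").build());
    }
}

@RestController
class HelloController {
    @GetMapping("/public") // no annotation: open to anonymous callers
    public String pub() { return "Hello Public!"; }
    @PreAuthorize("hasAnyRole('USER', 'ADMIN')") // anonymous caller -> 401, either role -> 200
    @GetMapping("/private")
    public String priv() { return "Hello Private!"; }
    @PreAuthorize("hasRole('ADMIN')") // authenticated without ROLE_ADMIN -> 403
    @GetMapping("/admin")
    public String admin() { return "Hello Admin!"; }
}
```

Because the URL layer permits everything, a handler method added without a `@PreAuthorize` annotation is public by default, so the annotations are the only thing to audit when new endpoints appear.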