Conditional Links Based on Authorization

Learn how to configure WebTestClient with hypermedia navigation and test that hypermedia.

The first rule in security is to not allow people to execute operations for which they lack the proper authority. We’ve just done that. Only users with ROLE_INVENTORY will be allowed to alter the system’s inventory.

The second rule in security, though arguably just as important as the first, is to not show a user anything that will cause them to run into the first rule. From a hypermedia perspective, don’t include links they can’t navigate.

To exercise this, let’s examine that findOne operation meant to show a hypermedia record and see if we can conditionalize some of its links:
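A sketch of how a `findOne` with a conditional link can look in Spring HATEOAS on WebFlux, added here as an example and not the course's own listing. `Item`, `ItemRepository`, the `/api/items/{id}` routes, `deleteItem` and the `delete` relation name are assumptions, and method security is assumed to be enabled.

```java
import static org.springframework.hateoas.server.reactive.WebFluxLinkBuilder.linkTo;
import static org.springframework.hateoas.server.reactive.WebFluxLinkBuilder.methodOn;

import java.util.ArrayList;
import java.util.List;
import org.springframework.hateoas.EntityModel;
import org.springframework.hateoas.Link;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.*;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

// Assumed types: Item (domain object) and ItemRepository,
// a ReactiveCrudRepository<Item, String>.
@RestController
public class ApiItemController {
    private static final String INVENTORY = "ROLE_INVENTORY";
    private final ItemRepository repository;

    ApiItemController(ItemRepository repository) { this.repository = repository; }

    @GetMapping("/api/items/{id}")
    Mono<EntityModel<Item>> findOne(@PathVariable String id, Authentication auth) {
        ApiItemController controller = methodOn(ApiItemController.class);
        List<Mono<Link>> links = new ArrayList<>();
        links.add(linkTo(controller.findOne(id, auth)).withSelfRel().toMono());
        // Second rule: advertise "delete" only to callers who would pass
        // the authorization check on deleteItem.
        boolean canAlter = auth.getAuthorities().stream()
                .anyMatch(a -> INVENTORY.equals(a.getAuthority()));
        if (canAlter) {
            links.add(linkTo(controller.deleteItem(id)).withRel("delete").toMono());
        }
        return Flux.concat(links).collectList()
                .flatMap(resolved -> repository.findById(id)
                        .map(item -> EntityModel.of(item, resolved)));
    }

    // First rule: enforcement stays on the operation itself.
    // Omitting the link above is presentation, not access control.
    @PreAuthorize("hasRole('INVENTORY')")
    @DeleteMapping("/api/items/{id}")
    Mono<ResponseEntity<Void>> deleteItem(@PathVariable String id) {
        return repository.deleteById(id)
                .thenReturn(ResponseEntity.noContent().<Void>build());
    }
}
```

A test for this would request the same item once as a user with `ROLE_INVENTORY` and once without, and assert that the `delete` link is present only in the first response.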
