Conditional Links Based on Authorization

Learn how to configure WebTestClient with hypermedia navigation and test that hypermedia.

We'll cover the following

Configuring WebTestClient with hypermedia navigation
Testing hypermedia

The first rule in security is to not allow people to execute operations for which they lack the proper authority. We’ve just done that. Only users with ROLE_INVENTORY will be allowed to alter the system’s inventory.

The second rule in security, though arguably just as important as the first, is to not show a user anything that will cause them to run into the first rule. From a hypermedia perspective, don’t include links they can’t navigate.

To exercise this, let’s examine that findOne operation meant to show a hypermedia record and see if we can conditionalize some of its links:

Get hands-on with 1200+ tech skills courses.

Getting Started

Building a Web App with Spring Boot

Data Access with Spring Boot

Developer Tools for Spring Boot

Testing with Spring Boot

Operations with Spring Boot

Building APIs with Spring Boot

Messaging with Spring Boot

RSocket with Spring Boot

Securing Our Application with Spring Boot

Epilogue

Appendix

Conditional Links Based on Authorization