
Solution: Method-Level Security

Explore how to implement method-level security in Spring Boot applications by controlling access to API endpoints based on user roles. Understand how to write tests using WebTestClient that verify authorization success and failure scenarios. This lesson guides you through securing DELETE operations with role checks and validating results against a MongoDB repository.

Here’s the solution to the previous challenge. We’ll discuss it in detail.

The main difference in this challenge when compared to the DELETE Operation challenge is the URI for deleting the item.

The deletingInventoryWithoutProperRoleFails test function

Let’s take a look at the first test function, deletingInventoryWithoutProperRoleFails(), in the code snippet below:

Java
    @Test
    @WithMockUser(username = "carol", roles = { "SOME_OTHER_ROLE" }) //1
    void deletingInventoryWithoutProperRoleFails() {
        this.webTestClient.delete().uri("/api/items/delete/some-item") //2
            .exchange() //3
            .expectStatus().isForbidden(); //4
    }

Here’s a breakdown of the code above:

  1. In line 2, this time, the user carol has the ...
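The pieces the test above exercises, shown end to end as an added example that is not the course's own code: a service method guarded by a role check, the controller that exposes it at the URI used in the test, and both the failure and the success test, each verifying the outcome against the repository. It assumes a Spring Boot 3 WebFlux application with Spring Security and reactive MongoDB (a MongoDB instance reachable through spring.data.mongodb.uri); InventoryItem, InventoryRepository, InventoryService, the INVENTORY role and the user alice are illustrative names, and everything sits in one file for brevity.

```java
// Added example, not code from the course. Assumed stack: Spring Boot 3
// WebFlux + Spring Security + reactive MongoDB (a reachable MongoDB is
// assumed). InventoryItem, InventoryRepository, InventoryService and the
// INVENTORY role are illustrative names; all classes are in one file here.
package com.example.inventory;

import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf;

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.data.annotation.Id;
import org.springframework.data.mongodb.repository.ReactiveMongoRepository;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.stereotype.Service;
import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;
import reactor.core.publisher.Mono;
import reactor.test.StepVerifier;

@SpringBootApplication
@EnableReactiveMethodSecurity // turns on @PreAuthorize for reactive beans
class InventoryApp {}

record InventoryItem(@Id String id, String name) {}

interface InventoryRepository extends ReactiveMongoRepository<InventoryItem, String> {}

@Service
class InventoryService {
    private final InventoryRepository repository;
    InventoryService(InventoryRepository repository) { this.repository = repository; }

    // The check sits on the method, so every caller path is covered, not just
    // this URL. hasRole('INVENTORY') matches the granted authority ROLE_INVENTORY.
    @PreAuthorize("hasRole('INVENTORY')")
    public Mono<Void> deleteById(String id) {
        return repository.deleteById(id);
    }
}

@RestController
class InventoryController {
    private final InventoryService service;
    InventoryController(InventoryService service) { this.service = service; }

    @DeleteMapping("/api/items/delete/{id}")
    public Mono<Void> delete(@PathVariable String id) {
        return service.deleteById(id); // AccessDeniedException is rendered as 403
    }
}

@SpringBootTest
@AutoConfigureWebTestClient
class InventoryDeleteSecurityTest {
    @Autowired WebTestClient webTestClient;
    @Autowired InventoryRepository repository;

    @BeforeEach
    void seed() {
        // Constructed fixture: one item that both tests try to delete.
        repository.deleteAll()
            .then(repository.save(new InventoryItem("some-item", "widget")))
            .block();
    }

    @Test
    @WithMockUser(username = "carol", roles = { "SOME_OTHER_ROLE" })
    void deletingInventoryWithoutProperRoleFails() {
        // csrf() supplies a valid CSRF token, so the 403 can only come from the
        // role check, not from the CSRF filter that WebFlux security enables by default.
        webTestClient.mutateWith(csrf())
            .delete().uri("/api/items/delete/some-item")
            .exchange()
            .expectStatus().isForbidden();

        // Denied before the repository was touched: the item is still there.
        StepVerifier.create(repository.existsById("some-item"))
            .expectNext(true).verifyComplete();
    }

    @Test
    @WithMockUser(username = "alice", roles = { "INVENTORY" })
    void deletingInventoryWithProperRoleSucceeds() {
        webTestClient.mutateWith(csrf())
            .delete().uri("/api/items/delete/some-item")
            .exchange()
            .expectStatus().is2xxSuccessful();

        StepVerifier.create(repository.existsById("some-item"))
            .expectNext(false).verifyComplete();
    }
}
```

Two details matter for the test to prove what it claims. First, @WithMockUser prefixes each entry of roles with ROLE_ (and rejects values that already start with ROLE_), so roles = { "INVENTORY" } is what hasRole('INVENTORY') expects. Second, WebFlux security enables CSRF protection by default, and a DELETE without a token is rejected with 403 before the service method is ever reached; a forbidden test written without csrf() therefore passes even if the @PreAuthorize annotation is missing. Running the success test alongside it exposes that, because the success test fails with 403 unless a token is supplied.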