Web Applications

Request level Authorization

Spring Security allows you to model your authorization at the request level. You should design which part of the web application is protected and requires authorized access and further to define which roles (RBAC) can access defined web resources.

// Any request requires security contex so at least
// Authentication (authenticates session )is required. 
http
    .authorizeHttpRequests((authorize) -> authorize
        .anyRequest().authenticated()
    )