Work in Progress
Authenticate as a certain user with the X-User header.
Valid users are admin
, regular
, anonymous
(default)
{
"X-User": "admin"
}
Check who you are with
query Me {
me {
name
permissions
}
}
query Notes {
notes {
id
text
}
note1: note(id: "note-1") {
id
text
}
}
mutation UpdateNote {
updateNote(id: "note-1", text: "Note 1 - Edited") {
id
text
}
}
- https://docs.spring.io/spring-security/reference/servlet/authorization/acls.html
- https://docs.spring.io/spring-security/reference/servlet/authorization/expression-based.html
- https://www.baeldung.com/spring-security-acl
- https://github.com/spring-projects/spring-security-samples/tree/5.7.x/servlet/xml/java/contacts
- https://github.com/spring-projects/spring-security-samples/tree/5.7.x/servlet/xml/java/dms
- Typed security annotations