JHipster User Authorization Implemetation

Question

I wanted to block some users for accessing some services in JHipster. How can I authorize a particular user for accession a ReST web Service in JHipster?

Answer 1

On /config/SecurityConfiguration.java

You can change access of the api that you want like

   .antMatchers("/api/authenticate").permitAll()
   .antMatchers("/api/**").authenticated()
   .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
   .antMatchers("/auth/*").hasAnyAuthority("ADMIN", "USER")

Or you can use auth.inMemoryAuthentication()

for more information read link below:

https://www.baeldung.com/spring-security-expressions

Answer 2

use has-authority and put your expected authority it will work 100% . tasted

write it on your html tag has-authority="ROLE_ADMIN" or your expected user

Answer 3

For blocking the access on the backend side, use the @Secured annotation on selected methods (rest entry points) in web/rest/*resource.java.

Example:

@RequestMapping(value = "/data-fields",
    method = RequestMethod.GET,
    produces = MediaType.APPLICATION_JSON_VALUE)
@Timed
@Secured({AuthoritiesConstants.ADMIN})
public List<DataFieldDTO> getAllDataFields() {
    log.debug("REST request to get all DataFields");

    return dataFieldService.findAll();
}

Answer 4

As Gaël Marziou says, I believe that what you are trying to do is to block it on frontend's part. If it´s the case a possible way to do it is managing the use of "has-authority". For example: has-authority="ROLE_ADMIN"

So what you should do is the opposite, create an authority which allows some users to have access to ReST web Service