Tailoring the UI with authorization checks
With the REST endpoints locked down, it's nice to know things are secure. However, it doesn't make sense to display options in the UI that will get cut off. Instead, it's better to simply not show them. For that, we can leverage a custom Thymeleaf security rule.
Normally, we would make use of Thymeleaf's Spring Security extension. Unfortunately, the Thymeleaf team has yet to write such support for Spring Framework 5's WebFlux module. No problem! We can craft our own and register it inside the Thymeleaf engine.
For starters, we want to define an authorization scoped operation that could be embedded inside a Thymeleaf th:if="${}"
expression, conditionally displaying HTML elements. We can start by adding SecurityExpressionObjectFactory
to the images
microservice, since that fragment of HTML is where we wish to apply it:
public class SecurityExpressionObjectFactory implements IExpressionObjectFactory { private final SecurityExpressionHandler...