You're reading from Modern API Development with Spring and Spring Boot Design highly scalable and maintainable APIs with REST, gRPC, GraphQL, and the reactive paradigm

Product type Paperback

Published in Jun 2021

Publisher Packt

ISBN-13 9781800562479

Length 582 pages

Edition 1st Edition

Languages

Java

Tools

GraphQL

Concepts

Design

Author (1):

Sourabh Sharma

View More author details

Table of Contents (21) Chapters

Preface

1. Section 1: RESTful Web Services

2. Chapter 1: RESTful Web Service Fundamentals FREE CHAPTER

3. Chapter 2: Spring Concepts and REST APIs

4. Chapter 3: API Specifications and Implementation

5. Chapter 4: Writing Business Logic for APIs

6. Chapter 5: Asynchronous API Design

7. Section 2: Security, UI, Testing, and Deployment

8. Chapter 6: Security (Authorization and Authentication)

9. Chapter 7: Designing a User Interface

10. Chapter 8: Testing APIs

11. Chapter 9: Deployment of Web Services

12. Section 3: gRPC, Logging, and Monitoring

13. Chapter 10: gRPC Fundamentals

14. Chapter 11: gRPC-based API Development and Testing

15. Chapter 12: Logging and Tracing

16. Section 4: GraphQL

17. Chapter 13: GraphQL Fundamentals

18. Chapter 14: GraphQL API Development and Testing

19. Assessments

20. Other Books You May Enjoy

Understanding authorization

Your valid username/password or access token for authentication allows you access to secure resources such as URLs, web resources, or secure web pages. Authorization is one step ahead; it allows you to configure access security further with scopes such as read, write, or roles such as Admin, User, Manager, and so on. Spring Security allows you to configure any custom authority.

We will configure three types of roles for our sample e-commerce app—namely, Customer (user), Admin, and Customer Support Representative (CSR). Obviously, each user would have their own specific authority. For example, a user can place an order and buy stuff online, but should not be able to access the CSR or Admin resources. Similarly, a CSR should not be able to have access to Admin-only resources. A security configuration that allows authority or role-based access to resources is known authorization. A failed authentication should return HTTP (status 401 unauthorized...